❗️CVE-2026-21440: A critical path traversal vulnerability affecting the AdonisJS framework, specifically its multipart file upload handling. PoC Exploit:
GitHub
GitHub - Ashwesker/Ashwesker-CVE-2026-21440: CVE-2026-21440
CVE-2026-21440. Contribute to Ashwesker/Ashwesker-CVE-2026-21440 development by creating an account on GitHub.
 ▪️CVSS: 9.2 ▪️CVE Published: January 2nd, 2026 ▪️Exploit Published: January 5th, 2026 Details: AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6. image
❗️CVE-2025-60188: Atarim Plugin PoC Exploit GitHub:
GitHub
GitHub - m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit
Contribute to m4sh-wacker/CVE-2025-60188-Atarim-Plugin-Exploit development by creating an account on GitHub.
 image
Dstat[.]one is a "simplified, private L4 and L7 Dstats with real-time graphs" dstat[.]one
image image
❗️🇹🇼 Alleged Data Breach of Audio Systems Manufacturer Tymphany Exposing Source Code and Confidential Technical Data
Alleged Data Breach of Audio Systems Manufacturer Tymphany Exposing Source Code and Confidential Technical Data
A reminder that The OpSec Bible exists... a lot of you should really check it out and add to your daily routine. http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd[.]onion image
❗️PLAY Ransomware has claimed 3 victims 🇺🇸 WiZiX Technology Group 🇺🇸 Denny’s 5th Avenue Bakery 🇺🇸 Launie & Marino image
❗️Alleged Sale of Aeternum C2 BotNet Loader with Blockchain-Based Command and Control Infrastructure
Alleged Sale of Aeternum C2 BotNet Loader with Blockchain-Based Command and Control Infrastructure
Telegram 1-click vulnerability verified to reveal your real IP address, even if you use a proxy. Affects both Android and iOS Telegram clients. More from @GangExposed_RU:
X (formerly Twitter)
GangExposed RU (@GangExposed_RU) on X
⚠️Telegram 1-click vulnerability A single click can reveal your real IP address — even if you use a proxy. Affects both Android and iOS Tel...
 Video Credit: @0x6rss on X
❗️🇬🇧 Alleged Data Breach of UK Furniture Retailer Mobelaris Exposing 57,000 Orders and 64,000 Customer Records
Alleged Data Breach of UK Furniture Retailer Mobelaris Exposing 57,000 Orders and 64,000 Customer Records
❗️The admin of BreachForums released a statement regarding the users database leak that dates back to August 2025. image