Almost 800 Hungarian government email addresses and associated passwords are circulating online, revealing basic vulnerabilities in the security protocols of ministries involved in classified and sensitive work. A Bellingcat analysis of breach data shows that 12 out of the government’s 13 ministries have been affected, which in some cases have exposed the confidential information of […] The post ‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online appeared first on bellingcat .
Original (en)
Almost 800 Hungarian government email addresses and associated passwords are circulating online, revealing basic vulnerabilities in the security protocols of ministries involved in classified and sensitive work. A Bellingcat analysis of breach data shows that 12 out of the government’s 13 ministries have been affected, which in some cases have exposed the confidential information of […] The post ‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online appeared first on bellingcat .
Mandiant and Google GTIG report zero-day exploitation of CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint by suspected PRC-nexus threat actor UNC6201 since mid-2024, enabling deployment of SLAYSTYLE, BRICKSTORM, and novel GRIMBOLT malware. The report includes technical analysis of exploitation methods, persistence mechanisms via convert_hosts.sh modification, newly observed VMware pivot tactics including Ghost NICs and iptables-based Single Packet Authorization, and comprehensive remediation guidance with IOCs and YARA rules.
This intelligence item is a copyrighted vulnerability database listing. It contains detailed vulnerability information including: critical RCE vulnerabilities in enterprise platforms (Chamilo LMS, Smart Slider 3, various WordPress plugins); supply chain attacks (axios npm compromise, Bruno CLI); privilege escalation in cloud/container systems (Kubernetes, OpenShift, LXD); cryptographic weaknesses (OpenSSL, multiple TLS/SSL issues); and memory corruption flaws in media processing libraries (LibRaw, OpenEXR). Multiple vulnerabilities enable unauthenticated remote code execution, with exploitation evidence documented in some cases dating to March-April 2026.
83e8cc02…openwatch.io →This is a detailed vulnerability intelligence report covering January 2026 CVE disclosures, organized by severity level. It includes critical vulnerabilities in major software platforms including Microsoft, Apple, Google Chrome, OpenSSL, Linux kernel, Kubernetes, container technologies, web frameworks (Django, Laravel, Rails), authentication systems, and industrial/IoT devices. Notable high-severity findings include buffer overflows, SQL injection, path traversal, authentication bypass, and remote code execution flaws in widely-deployed systems with active exploitation potential.