CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability:
SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow an attacker to point the SmarterMail instance at a malicious HTTP server that serves a malicious OS command, which could lead to command execution.
CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability:
React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute arbitrary shell commands with fully controlled arguments.
❗️🇫🇷 SSL/TLS certificates allegedly belonging to France's Ministry of the Interior and National French Police are being offered for sale.
The leak includes 42 files in certificate formats (.crl, .der, .cer, .pem, .crt, .xml), with the seller indicating additional certificates are available for purchase.
‼️ Access to a large EU-based Magento 2.4.7 sports shop is being auctioned, with iframe card capture already in place.
The site reportedly processed 80,000 cards in December, 150,000 in January, and 15,000 so far in February. The auction starts at $30,000 with a blitz price of $50,000.
‼️🇫🇷 Two French organizations have allegedly been breached by the same threat actor:
Fédération Française de la Randonnée Pédestre: Data from 813,983 members of France's national hiking federation is for sale, containing 471,352 unique emails and 796,141 unique phone numbers from 2024–2025 license holders.
CCAS Dunkerque: Records of 66,343 individuals receiving social assistance from the Community Center for Social Action in Dunkerque, including 40,406 unique phone numbers and 13,098 unique emails. The data includes family groupings and welfare recipient details.
‼️ An EU-based PrestaShop store selling nutritional supplements is being auctioned with admin account access and a SQL injection point included.
The site processes card and PayPal payments, with 700 orders in the last 30 days and over 50,000 in total. The auction starts at $1,000 with a blitz price of $2,000.