Navigating the Next Chapter in Corporate Renewable Energy
...
A Cybersecurity Merit Badge
Scouting America (formerly known as Boy Scouts) has a new badge in cybersecurity. There's an image in the article; it looks good. I want one...
AI Pulse: AI Bot Mitigation Is Increasing Everywhere
...
Friday Squid Blogging: Squid Inks Philippines Fisherman
Good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Malicious code in eero_blog (npm)
The package eero_blog was found to contain malicious code...
WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Simple Content Templates for Blog Posts & Pages (versions <= 2.2.61)...
Fake Google Job Offer Email Scam Targets Workspace and Microsoft 365 Users
Cybersecurity firm Sublime Security details a new credential phishing scam impersonating Google Careers to steal login details from Google Workspace and Microsoft 365 users...
How to Prevent Command Injection and SQL Injection Attacks over MCP
...
ERPNext Cross-Site Scripting Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...
CVE-2025-11213
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-14 16:38:44+00:00 | seen | https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review |
| 2025-11-07 01:32:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4ywoc46jh2s |

...
CVE-2025-59217
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-14 16:38:44+00:00 | seen | https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review |

...
CVE-2025-59502
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-14 16:38:44+00:00 | seen | https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review |

...
CVE-2025-11209
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-14 16:38:44+00:00 | seen | https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review |

...
CVE-2025-11216
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-14 16:38:44+00:00 | seen | https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review |
| 2025-11-07 01:42:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4yxa6wkys2q |

...
Liferay Mentions Web is Vulnerable to Cross-site Scripting
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...
CVE-2025-62246
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...
CVE-2025-62246
CVE-2025-62246 is a stored XSS in Liferay Portal 7.4.x and Liferay DXP (older and unsupported versions) due to improper sanitization of name fields in com.liferay.mentions.web; exploited when a crafted first/middle/last name is rendered in widgets/apps such as page comments, blog comments, docs/...
CVE-2025-62246
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...
Exploit for CVE-2025-57199
AvTech PoCs PoCs for...
Friday Squid Blogging: Sperm Whale Eating a Giant Squid
Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...