Lucene search

4 matches found

GitHub Security Blog
added 2026/04/14 8:2 p.m. | 4 views

October Rain has a Twig Sandbox Bypass via Collection Methods

A sandbox bypass vulnerability was identified in the optional Twig safe mode feature CMS_SAFE_MODE. Certain methods on the collect helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Impact - Bypass of Twig sandbox...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00395
Exploits: 2 | References: 3 | Affected Software: 1
CVE
added 2026/04/14 4:48 p.m. | 18 views

CVE-2026-22692

CVE-2026-22692 affects October CMS Twig sandbox (CMS_SAFE_MODE). Vulnerable in versions prior to 3.7.13 and 4.0.0–4.1.4; fixed in 3.7.13 and 4.1.5. Root cause: collect()->mapInto() on SafeCollection bypasses SecurityPolicy, allowing authenticated template editors to bypass sandbox. Exploitatio...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00395
Exploits: 2 | References: 1 | Affected Software: 1
Malwarebytes
added 2025/01/24 4:18 p.m. | 17 views

Texas scrutinizes four more car manufacturers on privacy issues (updated)

The Texas Attorney General’s Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data. We've addressed cars and...

AI score: 6.9
Exploits: 0
Pen Test Partners Blog
added 2024/06/20 5:31 a.m. | 16 views

HUMINT in a cyber world

TL;DR HUMINT / Human Intelligence is gathered from a person in the location in question. It’s the sort of information we think of in the context of spying. A modern intelligence apparatus is multi-discipline with many different collection methods. HUMINT sources include officers, agents, diplomat...

AI score: 6.9
Exploits: 0