112 matches found
AI Researchers Must Help Lead Arms Control to Mitigate Military AI Risks
The advancement of AI capabilities compels researchers and the public to be more aware of its potential worldwide impact. A pressing near-term concern is the regulation of military AI applications. Armament manufacturers and defense contractors are increasingly investing in AI capabilities and...
ICE Wants to Build a Shadow Deportation Network in Texas
A new ICE proposal outlines a 24/7 transport operation run by armed contractors—turning Texas into the logistical backbone of an industrialized deportation machine...
EUVD-2025-21556
Malicious code in bioql PyPI...
PT-2025-39765
Name of the Vulnerable Software and Affected Versions WordPress Search Exclude plugin versions up to and including 2.5.7 Description The WordPress Search Exclude plugin contains a flaw that allows unauthorized modification of data. This is due to an inadequate capability check within the Base::ge...
CVE-2025-6981
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...
CVE-2025-6981
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...
CVE-2025-6981
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...
CVE-2025-6981 Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...
CVE-2025-6981 Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...
CVE-2025-6981
CVE-2025-6981 describes an incorrect authorization vulnerability in GitHub Enterprise Server that allowed unauthorized read access to internal repositories for contractor accounts when the Contractors API feature was enabled. The issue affected all versions prior to 3.18 and has been fixed in ver...
PT-2025-29685 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.18 GitHub Enterprise Server versions 3.14.15 GitHub Enterprise Server versions 3.15.10 GitHub Enterprise Server versions 3.16.6 GitHub Enterprise Server versions 3.17.3 Description: An incorrect...
Biden Signs New Cybersecurity Order
President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates for protecting government networks...
Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks
A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims' data and then destroy their infrastructure with a...
-=TWELVE=- is back
In the spring of 2024, posts with real people's personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that...
U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice DoJ on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense,...
vancouvergeneralcontractors.com Cross Site Scripting vulnerability OBB-3912320
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture
The U.S. Department of Justice DoJ on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including th...
Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies
An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. "The actors behind...
Moving past MOVEit
The MOVEit hack resembles successful cyberattacks from the past, leading us to ask if federal agencies and contractors are using all the tools, methods, and technologies available to ward off the same type of cyberattacks...
Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote. While the nation-state adversary is known for persistently singling out the cryptocurrency sector, recent...