Hitachi Energy MicroSCADA X SYS600
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of...
The vulnerability in the WebCompat extension of Mozilla browsers, including Mozilla Firefox and Firefox ESR, allows attackers to disclose protected information.
The vulnerability of the WebCompat extension in Mozilla Firefox and Firefox ESR browsers is related to insufficient protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
White House Bans WhatsApp
Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the "Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risk...
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the...
Protecting Business Data From Unauthorized Encryption Threats
Your business operates in an online environment where unauthorized encryption of data isn't just possible, it's probable. The…
Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.7 security and bug fix update
OpenShift API for Data Protection (OADP) 1.3.7 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
The vulnerabilities of PDF viewing and editing programs such as Acrobat DC, Acrobat Reader DC, Acrobat 2024, Acrobat 2020, and Acrobat Reader 2020 are related to insufficient protection of operational data. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Acrobat DC, Acrobat Reader DC, Acrobat 2024, Acrobat 2020, and Acrobat Reader 2020 are related to insufficient protection of sensitive data. Exploiting these vulnerabilities can allow attackers to gain unauthorized access to protecte...
U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues
The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worrie...
A vulnerability in the wdt_startup() function in the drivers/watchdog/sc520_wdt.c module of the Linux kernel's watchdog timer support allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the wdt_startup() function in the drivers/watchdog/sc520_wdt.c module related to Linux kernel watchdog timer support stems from the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the FileStore::LocalStore component in the Discourse mailing list management software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the FileStore::LocalStore component in the Discourse mailing list management software is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The software for data protection solutions from Dell RecoverPoint for virtual machines is vulnerable due to errors in the use of standard permissions. This allows attackers to gain unauthorized access to protected information.
The vulnerability of Dell RecoverPoint’s data protection software for virtual machines is related to errors in the use of standard permissions. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset
We investigate the contents of web-scraped data for training AI systems, at sizes where human dataset curators and compilers no longer manually annotate every sample. Building off of prior privacy concerns in machine learning models, we ask: What are the legal privacy implications of web-scraped...
The vulnerability of the Windows Shell component in Windows operating systems allows a hacker to bypass security restrictions.
The vulnerability of the Windows Shell component in Windows operating systems is related to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker to bypass security restrictions remotely...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities.
Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2025-29908. DESCRIPTION: Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map...
Security Bulletin: IBM Guardium Data Protection is affected by a snowflake-jdbc-3.14.0.jar vulnerability (CVE-2024-43382)
Summary: IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2024-43382. DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote authenticated attacker could exploit thi...
Security Bulletin: IBM Guardium Data Protection is affected by multiple kernel vulnerabilities
Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2024-26641. DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv. syzbot found __ip6_tnl_rcv could...
Security Bulletin: IBM Guardium Data Protection is affected by an Incorrect Permission Assignment for Critical Resource vulnerability (CVE-2025-25023)
Summary: IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2025-25023. DESCRIPTION: IBM Security Guardium could allow a privileged user to read any file on the system due to incorrect privilege assignment. CWE: CWE-266: Incorrect Privilege...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)
Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2024-53677. DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this ca...
Security Bulletin: IBM Guardium Data Protection is affected by a IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 vulnerabilities
Summary: IBM Guardium Data Protection has addressed these vulnerabilities with updates. Vulnerability Details: CVEID: CVE-2024-21147. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities.
Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2025-3440. DESCRIPTION: IBM Security Guardium is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the W...