4666 matches found
CVE-2025-31689 General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018
Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...
PT-2025-13952 · Apple · Macos Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.7.5; macOS Sequoia versions prior to 15.4; macOS Sonoma versions prior to 14.7.5. Description: The issue allows an app to access protected user data due to insufficient validation of symlinks. Recommendations:...
Apple macOS security vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that stems from insufficient data protection and could result in applications accessing sensitive user data...
About the security content of macOS Sequoia 15.4
About the security content of macOS Sequoia 15.4. This document describes the security content of macOS Sequoia 15.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
About the security content of iOS 18.4 and iPadOS 18.4
About the security content of iOS 18.4 and iPadOS 18.4. This document describes the security content of iOS 18.4 and iPadOS 18.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Snowflake JDBC driver
Summary: Multiple vulnerabilities in the Snowflake JDBC driver that is used by InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2024-43382. DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote...
The vulnerability of the typec_altmode_release() function in the drivers/usb/typec/class.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the typec_altmode_release() function in the drivers/usb/typec/class.c module of the Linux kernel is related to the pointer being dereferenced after its expiration. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...
Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats
Cybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and data...
AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
Organizations now use an average of 112 SaaS applications, a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had fewer than 10 apps connected to the platform, despite the fact that aggregated data indicated 1,000+ Microso...
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI)...
The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Zoom Workplace, SDK, Room clients, and Room controllers’ software relates to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
AI innovation requires AI security: Hear what’s new at Microsoft Secure
When you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data while ensuring AI systems remain...
How to Permanently and Securely Delete Photos from an iPhone
Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting...
The vulnerability of the Fortinet FortiNAC access control device lies in the lack of measures taken at the management level to protect data. This allows attackers to copy local device files into local directories.
The vulnerability of the Fortinet FortiNAC network access control device is related to the lack of measures taken to protect data at the management level. Exploiting this vulnerability allows a malicious actor to copy device local files into local directories by connecting to the tcp/5555 port...
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The latest Palo Alto Networks Unit 42 Cloud Threat Report reported that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security...
The vulnerability of video surveillance cameras for monitoring and surveillance systems, related to insufficient protection of operational data, allows intruders to gain unauthorized access to protected information.
The vulnerability of video surveillance cameras for monitoring and surveillance systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an unauthorized intruder to gain unauthorized access to protected information...
The vulnerability of the cmd/go component of the GOAUTH function in the Golang programming language library allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the cmd/go function GOAUTH in the Golang programming language library is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE arises from the lack of proper input validation when requesting external server authentication. This allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE stems from the lack of proper input sanitization when requesting external server authentication. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...
The vulnerability of the MotW mechanism in Windows operating systems allows attackers to circumvent existing security restrictions and gain access to encrypted data.
The vulnerability of the MotW mechanism in Windows operating systems is related to a breach of data protection mechanisms. Exploiting this vulnerability allows attackers to circumvent existing security restrictions and gain access to encrypted data...
WordPress plugin GDPR Cookie Compliance security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...