CVE-2026-40841

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

Syft 安全漏洞

Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...

Attacks and Mitigations for Distributed Governance of Agentic AI under Byzantine Adversaries

Agentic AI governance is a critical component of agentic AI infrastructure ensuring that agents follow their owner's communication and interaction policies, and providing protection against attacks from malicious agents. The state-of-the-art solution, SAGA, assumes a logically centralized point o...

Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image

A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...

Age Verification in the Web -- Holy Grail to Control Access to Restricted Content

Age verification before accessing restricted content is critical to protecting minors from exposure to harmful material such as pornography, gambling, violence, hateful speech, and substance purchases like alcohol and tobacco. Currently, the absence of reliable age-checking mechanisms allows...

WordPress Anti-Spam Protection – No API Key, GDPR Friendly plugin <= 2.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Anti-Spam by Fullworks : GDPR Compliant Spam Protection versions = 2.3.7...

CTEM for Telecom Companies

Protect Network Infrastructure. Prevent Service Disruption. Secure 5G, IoT, and Subscriber Data. Telecommunications companies operate the most interconnected infrastructure on the planet. Your networks carry voice, data, and critical services for millions of subscribers, enterprises, and governme...

Analysis of Personal Data Exposure in Thailand

In the digital era, personal data, particularly sensitive identifiers such as the Social Security Number and National Identification Number, have become a highly valuable asset, raising significant concerns regarding privacy and security. This study examines the risks associated with the online...

Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-backend-rhel9 container image

A new satellite/iop-advisor-backend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...

Delete doesn’t mean gone. Here’s how File Shredder fixes that

You have done it a thousand times. Right-click. Delete. Empty Trash. Done. Except it's not done. That file, your tax return, your private photos, that EmbezzlementPlan.doc… it's all still sitting on your drive. Invisible to you, but not to anyone with a $30 recovery tool downloaded from the...

Canada Needs Nationalized, Public AI

Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by "sovereign AI" be captured in Canada, making a difference in the lives of Canadians, or is this...

Security Bulletin: IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions (CVE-2025-13734)

Summary IBM Engineering Requirements Management DOORS Next could allow an authenticated user to view and edit data beyond their assigned access permissions. This issue occurs due to insufficient authorization enforcement. An attacker with valid credentials could exploit this vulnerability to gain...

Reddit, porn sites fined by UK regulators over children’s safety and privacy

The UK’s online safety and privacy regulators are targeting companies that violate new age verification laws at both ends : Porn sites that did not keep children out, and mainstream platforms that profited from children coming in. On February 23, media regulator Ofcom fined porn operators that...

CVE-2025-70147

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...

AMD EPYC 9005 Series 安全漏洞

The AMD EPYC 9005 Series is a series of processors developed by American semiconductor company AMD. The AMD EPYC 9005 Series contains security vulnerabilities, which stem from insufficient access control granularity, potentially leading to the loss of confidentiality for certain data...

One privacy change I made for 2026 (Lock and Code S07E02)

This week on the Lock and Code podcast … When you hear the words "data privacy," what do you first imagine? Maybe you picture going into your social media apps and setting your profile and posts to private. Maybe you think about who you've shared your location with and deciding to revoke some of...

CVE-2025-68073 WordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.4...

CVE-2025-1322

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

PDPL Metric: Validating a Scale to Measure Personal Data Privacy Literacy among University Students

Personal data privacy literacy PDPL refers to a collection of digital literacy skills related to an individuals ability to understand, evaluate, and manage the collection, use, and protection of personal data in online and digital environments. This study introduces and validates a new psychometr...

CVE-2025-14432 Poly Video - Sensitive Data Might Be Written to Log File

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center TAC to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...