CVE-2025-55740

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

CVE-2025-55740

CVE-2025-55740 affects nginx-defender, a WAF/threat-detection system. The vulnerability is a configuration flaw where default credentials in example files (config.yaml and docker-compose.yml) are left unchanged (default_password: change_me_please; GF_SECURITY_ADMIN_PASSWORD=admin123). If exposed ...

CVE-2025-55740 Default Credentials in nginx-defender Configuration Files

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

CVE-2025-55740 Default Credentials in nginx-defender Configuration Files

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

PT-2025-33862 · Unknown · Nginx-Defender

Name of the Vulnerable Software and Affected Versions: nginx-defender versions prior to 1.5.0 Description: nginx-defender deployments are susceptible to a configuration issue due to the presence of default credentials in example configuration files, such as config.yaml and docker-compose.yml. The...

nginx-defender 安全漏洞

nginx-defender is a lightweight real-time log monitoring tool from the individual developer Anish Paleja. A security vulnerability exists in nginx-defender, which stems from the fact that default credentials may lead to bypassing security protections...

Default Credentials in nginx-defender Configuration Files

This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml, docker-compose.yml contain default credentials defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123. If users deploy nginx-defender without changing these defaults,...

Security Bulletin: Insufficiently protected credentials and improper output neutralization for logs might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to insufficiently protected credentials and improper output neutralization for logs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing...

Searching for Privacy Risks in LLM Agents Via Simulation

The widespread deployment of LLM-based agents is likely to introduce a critical privacy threat: malicious agents that proactively engage others in multi-turn interactions to extract sensitive information. These dynamic dialogues enable adaptive attack strategies that can cause severe privacy...

Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025

We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit TRU with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion CVE-2024-6387 and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters...

Announcing public preview: Phishing triage agent in Microsoft Defender

Intelligent triage for a more agile, autonomous SOC At Microsoft Secure 2025, we introduced a new wave of innovations across Microsoft Defender aimed at redefining what AI can do for security operations. At the center of these announcements was the launch of 11 Security Copilot agents, each...

Isolate Trigger: Detecting and Eradicating Evade-Adaptive Backdoors

All current detection of backdoor attacks on deep learning models fall under the category of a non essential featuresNEF, which focus on fighting against simple and efficient vertical class backdoor -- trigger is small, few and not overlapping with the source. Evade-adaptive backdoor EAB attacks...

Elevate your protection with expanded Microsoft Defender Experts coverage

Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud. Additionally, third-party network signals can be used in Microsoft Defender Experts for XDR to enhance incidents for faster and more accura...

PT-2025-31774 · Undefined · Undefined

hey @Microsoft when Defender started scanning for non-malicious documents like pandemic compliance forms, it crossed from security into behavioral monitoring. Microsoft's transparency failures around this documented in CVE-2020-16883 validated many professionals' concerns...

Secure Tug-Of-War (SecTOW): Iterative Defense-Attack Training with Reinforcement Learning for Multimodal Model Security

The rapid advancement of multimodal large language models MLLMs has led to breakthroughs in various applications, yet their security remains a critical challenge. One pressing issue involves unsafe image-query pairs--jailbreak inputs specifically designed to bypass security constraints and elicit...

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continu...

Security Bulletin: Deserialization of untrusted data, path traversal, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to deserialization of untrusted data, path traversal, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit...

Security Bulletin: Critical Fixes for IBM Storage Defender - Data Protect included in 2.0.15

Summary IBM Storage Defender - Data Protect is vulnerable to CVE-2024-48910 and CVE-2024-47875. Fixes for these CVEs are included in version 2.0.15. Vulnerability Details CVEID:CVE-2024-48910 DESCRIPTION: DOMPurify could allow a remote authenticated attacker to execute arbitrary code on the syste...

Exploit for Deserialization of Untrusted Data in Microsoft

ZeroPoint.ps1 ⚠ A defensive PowerShell utility to detect an...

Transparency on Microsoft Defender for Office 365 email security effectiveness

In today’s world, cyberattackers are relentless. They are often well-resourced, highly sophisticated, and constantly innovating, which means the effectiveness of cybersecurity solutions must be continuously evaluated, not assumed. Yet, despite the critical role email security plays in protecting...