PT-2025-27026 · Undefined · Undefined

🚨 Critical flaw in Open VSX Registry CVE-2025-29182 Malicious extensions could hijack dev environments! ⚠️ 180K+ daily users at risk. Patched now—if you're using Eclipse Theia or any Open VSX-based IDE, update ASAP. CyberSecurity SupplyChain PatchNow...

CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

CVE-2025-48991 Tuleap missing CSRF protection on tracker canned responses administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

CVE-2025-48991 Tuleap missing CSRF protection on tracker canned responses administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

What LLMs Know About Their Users

Simon Willison talks about ChatGPT's new memory dossier feature. In his explanation, he illustrates how much the LLM--and the company--knows about its users. It's a big quote, but I want you to read it all. Here's a prompt you can use to give you a solid idea of what's in that summary. I first sa...

[SECURITY] Fedora 41 Update: qt6-qtbase-6.8.3-2.fc41

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

RLSA-2024:11185 Moderate: edk2:20220126gitbb1bba3d77 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Integer overflows in PeCoffLoaderRelocateImage CVE-2024-38796 For more details about the security issues, including th...

New Guidance Released for Reducing Memory-Related Vulnerabilities

Today, CISA, in partnership with the National Security Agency NSA, released a joint guide on reducing memory-related vulnerabilities in modern software development. Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages MS...

[SECURITY] Fedora 41 Update: dotnet9.0-9.0.107-1.fc41

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Pushing the Limits of Safety: a Technical Report on the ATLAS Challenge 2025

Multimodal Large Language Models MLLMs have enabled transformative advancements across diverse applications but remain susceptible to safety threats, especially jailbreak attacks that induce harmful outputs. To systematically evaluate and improve their safety, we organized the Adversarial Testing...

The New Frontline: Why DevOps Became a Cyber Target

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Your developers didn't become...

Mattel’s going to make AI-powered toys, kids’ rights advocates are worried

Toy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution. In a press release last week, the owner of the Barbie brand signed a "strategic collaboration" with the AI company, which owns ChatGPT. "By using OpenAI's technology,...

Secure Vibe Coding: The Complete New Guide

DALL-E for coders? That's the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect...

[SECURITY] Fedora 42 Update: python-django5-5.2.2-1.fc42

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 41 Update: python-django5-5.1.10-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

Malicious code in kucoin-universal-sdk-example (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-5074 Malicious code in build-react-wrapper (npm)

--- -= Per source details. Do not edit below this line.=-...

Leaking Secrets in the Age of AI

How has AI-assisted development impacted secrets leakage? Learn the new patterns and emerging trends...

[SECURITY] Fedora 41 Update: python-django4.2-4.2.22-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...