Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.
There is a moment every security analyst knows well. It’s 2am, an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in minimatch (CVE-2026-26996)
Summary: A Regular Expression Denial of Service (ReDoS) vulnerability in the minimatch pattern matching library (CVE-2026-26996) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 5.1.8. Vulnerability Details: CVEID: CVE-2026-26996 DESCRIPTION: minimatch i...
SourceCodester CET Automated Grading System with AI Predictive Analytics Security Vulnerability
SourceCodester CET Automated Grading System with AI Predictive Analytics is an open-source English language assessment system based on artificial intelligence predictive analytics, developed by SourceCodester. Version 1.0 of the SourceCodester CET Automated Grading System with AI Predictive...
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, su...
Measuring Onion Website Discovery and Tor Users' Interests with Honeypots
Tor enables anonymous web browsing and access to anonymous onion websites. Prior work has focused on crawling and content analysis rather than on what users actually try to access. Our honeypot approach measures engagement across onion-site categories, revealing behavioral interest rather than...
CVE-2018-25166 Meneame English Pligg 5.8 SQL Injection via search Parameter
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...
Meneame English Pligg SQL Injection Vulnerability
Meneame English Pligg is a social news website aggregation script developed by the Meneame community. Version 5.8 of Meneame English Pligg contains an SQL injection vulnerability. This vulnerability stems from the search parameter in the index.php file, which allows for SQL injections, potentiall...
CVE-2025-67500
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...
CVE-2025-67500
CVE-2025-67500 affects Mastodon prior to fixed versions: 4.2.28, 4.3.15, 4.4.10 and 4.5.3. The issue stems from error-handling discrepancies that let an attacker determine whether a private status exists by sending a request with a non-English Accept-Language header; it does not reveal the status...
CVE-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...
MAL-2025-188258 Malicious code in new-optimize-async-spy-process (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b1c7a23fc78fcdeadaf377309af5ca61840ff7fca1e1debb675390e587536c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in galaxy-blueshift-astrometry-quantumfoam (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c73a4c693491673fc8c94de7e4e6149530af1635a4e9230317c4fbb26d2a08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hermes-dactyl-canopus-flare (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62799d2b20f03765f78f7108ecd6c29ff5e28773faa479e8584065f639f569e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in paleoclimatology-draco-backend-triton (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdaa0bdc30656057f5e04b2da3574851ff0ee47c443373d7c23e7650c44b40a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in relay-neutrino-procyon-stratigraphy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18b46d1421bf767e864fb70e46a380881c11baaf943274c94aeff70da06d51a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in meteor-deneb-phoebe-paleoanthropology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e503587813565ccf9b93395be34e61ce05fd7b6a71e5c4f6f1bc95a90b27696 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in assert-analyze-authorize-awk-eta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22c630eccb84be45213459c6615f3f2e1a07d5142b357a8e728754031a1209dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in jovian-development-meissa-configstore (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 368fd919ca26defdbec74d1137345199e4f402a0faa4c12e098c42d47af0bd7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...