Obelix: Mitigating Side-Channels through Dynamic Obfuscation
Trusted execution environments (TEEs) offer hardware-assisted means to protect code and data. However, as shown in numerous results over the years, attackers can use side-channels to leak data access patterns and even single-step the code. While the vendors are slowly introducing hardware-based...
[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.18.1-1.fc43
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
CVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 in npm, the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string instead of an array...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview: @digitalocean/do-markdownit is a Markdown-It plugin for the DigitalOcean Community. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in the callout and fence_environment plugins when allowedClasses or allowedEnvironments is...
GHSA-2H8J-8R9P-849F @digitalocean/do-markdownit has Type Confusion vulnerability
Overview: A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fence_environment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...
@digitalocean/do-markdownit has Type Confusion vulnerability
Overview: A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fence_environment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes...
Wazuh 4.13.0
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
PT-2025-38507
Name of the Vulnerable Software and Affected Versions: @digitalocean/do-markdownit versions through 1.16.1. Description: The callout and fence environment plugins in the @digitalocean/do-markdownit package perform .includes substring matching if allowedClasses or allowedEnvironments is a string...
CVE-2025-59717
The CVE concerns the @digitalocean/do-markdownit package (through v1.16.1). The callout and fence_environment plugins treat allowedClasses/allowedEnvironments as strings by using a substring check, instead of requiring an array. This leads to a type confusion-like behavior and potential bypass of...
Automated Cyber Defense with Generalizable Graph-Based Reinforcement Learning Agents
Deep reinforcement learning (RL) is emerging as a viable strategy for automated cyber defense (ACD). The traditional RL approach represents networks as a list of computers in various states of safety or threat. Unfortunately, these models are forced to overfit to specific network topologies, renderin...
GHSA-X7HR-W5R2-H6WG vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips, kibana...
CVE-2025-59331
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
CVE-2025-59162
color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added...
Frappe Learning Cross-Site Scripting Vulnerability
Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning version 2.34.1 and prior versions, which stems from not adequately cleaning up uploaded content in personal profiles, and could lead to ...
The API Battleground: Why APIs are the new frontline—and how to stop the stealthiest attacks
APIs used to be the quiet backstage crew that made apps feel magical. Now attackers have learned the script — they walk onstage, deliver perfectly polite lines, and walk off with the props. In H1 2025 Imperva observed 40,000+ API incidents across 4,000+ monitored environments, including an...
BIT-GITLAB-2025-6454 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...