2460 matches found

Qualys Blog
added 2025/07/07 1:0 p.m. · 5 views

Qualys Named as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform, 2025

We’re proud to share that Qualys has been recognized as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform 2025 Vendor Assessment (doc US53549925, June 2025). We believe this recognition reinforces our commitment to delivering game-changing innovation that...

AI score: 7.2
Exploits: 0

Wiz blog
added 2025/07/02 3:0 p.m. · 4 views

Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open

Understanding the risks and impact of deploying dev-mode in production environments...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2025/07/01 3:57 p.m. · 6 views

Qualys Named an Overall Leader in CNAPP by KuppingerCole

We’re proud to share that Qualys has been named an Overall Leader in the 2025 KuppingerCole Leadership Compass for Cloud-Native Application Protection Platforms (CNAPP)—achieving leadership positions in both product and market presence. This recognition validates our commitment to delivering truste...

AI score: 8
Exploits: 0

RedHat Linux
added 2025/07/01 3:33 p.m. · 6 views

microcode_ctl: From CVEorg collector

A flaw was found in the Branch Prediction Unit (BPU) of Intel's Lion Core CPUs that makes it possible for an attacker to bypass Indirect Branch Predictor Barrier (IBPB) protections. By employing branch predictor training techniques as described in the "Training Solo" publication, an attacker with loca...

CVSS: 6.8 · AI score: 6.4 · EPSS: 0.0016
Exploits: 0 · References: 6

RedHat Linux
added 2025/07/01 2:55 p.m. · 7 views

microcode_ctl: From CVEorg collector

A flaw was found in the Branch Prediction Unit (BPU) of Intel's Lion Core CPUs that makes it possible for an attacker to bypass Indirect Branch Predictor Barrier (IBPB) protections. By employing branch predictor training techniques as described in the "Training Solo" publication, an attacker with loca...

CVSS: 6.8 · AI score: 6.4 · EPSS: 0.0016
Exploits: 0 · References: 6

Cvelist
added 2025/06/30 8:45 p.m. · 6 views

CVE-2025-49520 Event-driven-ansible: authenticated argument injection in git url in eda project creation

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...

CVSS: 8.8 · EPSS: 0.00484
Exploits: 0 · References: 3

OSV
added 2025/06/30 5:44 p.m. · 0 views

GHSA-5VHG-9XG4-CV9M tiny-secp256k1 allows for verify() bypass when running in bundled environment

Summary: A malicious JSON-stringifyable message can be made passing on verify, when global Buffer is buffer package. Details: This affects only environments where require('buffer') is E.g.: browser bundles, React Native apps, etc. Buffer.isBuffer check can be bypassed, resulting in strange objects bei...

CVSS: 9.1 · AI score: 5.9 · EPSS: 0.00215
Exploits: 0 · References: 4

Github Security Blog
added 2025/06/30 5:44 p.m. · 9 views

tiny-secp256k1 allows for verify() bypass when running in bundled environment

Summary: A malicious JSON-stringifyable message can be made passing on verify, when global Buffer is buffer package. Details: This affects only environments where require('buffer') is E.g.: browser bundles, React Native apps, etc. Buffer.isBuffer check can be bypassed, resulting in strange objects bei...

CVSS: 9.1 · AI score: 6.9 · EPSS: 0.00215
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2025/06/30 5:43 p.m. · 5 views

GHSA-7MC2-6PHR-23XC tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

Summary: Private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is buffer package. Details: This affects only environments where require('buffer') is E.g.: browser bundles, React Native apps, etc. Buffer.isBuffer check can be bypassed, resulting in k reuse fo...

CVSS: 9.1 · AI score: 5.7 · EPSS: 0.00317
Exploits: 0 · References: 4

Trend Micro Simply Security
added 2025/06/27 12:0 a.m. · 5 views

Why Trend Micro Continues to be Named a CNAPP Leader

Trend Micro is recognized for our Cloud CNAPP capabilities and product strategy—affirming our vision to deliver a cloud security solution that predicts, protects, and responds to threats across hybrid and multi-cloud environments...

AI score: 7.4
Exploits: 0

Positive Technologies
added 2025/06/26 12:0 a.m. · 1 views

PT-2025-27026 · Undefined · Undefined

🚨 Critical flaw in Open VSX Registry CVE-2025-29182 Malicious extensions could hijack dev environments! ⚠️ 180K+ daily users at risk. Patched now—if you're using Eclipse Theia or any Open VSX-based IDE, update ASAP. CyberSecurity SupplyChain PatchNow...

AI score: 7.2
Exploits: 0 · References: 1

OSV
added 2025/06/24 1:15 p.m. · 3 views

DEBIAN-CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVSS: 4.3 · AI score: 5 · EPSS: 0.00249
Exploits: 0 · References: 1

Packet Storm News
added 2025/06/21 12:0 a.m. · 2 views

RAS-Eval: a Comprehensive Benchmark for Security Evaluation of LLM Agents in Real-World Environments

The rapid deployment of Large language model (LLM) agents in critical domains like healthcare and finance necessitates robust security frameworks. To address the absence of standardized evaluation benchmarks for these agents in dynamic environments, we introduce RAS-Eval, a comprehensive security...

AI score: 7.3
Exploits: 0

Packet Storm News
added 2025/06/19 12:0 a.m. · 4 views

AndroIDS : Android-Based Intrusion Detection System Using Federated Learning

The exponential growth of android-based mobile IoT systems has significantly increased the susceptibility of devices to cyberattacks, particularly in smart homes, UAVs, and other connected mobile environments. This article presents a federated learning-based intrusion detection framework called...

AI score: 6.9
Exploits: 0

Positive Technologies
added 2025/06/17 12:0 a.m. · 4 views

PT-2025-25649 · Citrix · Netscaler Console +1

Name of the Vulnerable Software and Affected Versions: NetScaler Console and NetScaler SDX SVM (affected versions not specified). Description: A security issue has been identified, allowing for arbitrary file read. This affects customer-managed environments. Recommendations: At the moment, there is ...

CVSS: 7.5 · AI score: 6.3 · EPSS: 0.07008
Exploits: 0 · References: 14

BDU FSTEC
added 2025/06/17 12:0 a.m. · 2 views

The vulnerability of the IBM Storage Protect data protection software platform for virtual environments lies in its authentication mechanisms’ deficiencies, which allow attackers to circumvent existing security restrictions.

The vulnerability of the IBM Storage Protect data protection software for virtual environments is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions from a remote location...

CVSS: 7.7 · AI score: 5.5 · EPSS: 0.00473
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2025/06/16 6:46 p.m. · 3 views

CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem...

CVSS: 6 · AI score: 8.1 · EPSS: 0.0014
Exploits: 0 · References: 4

CVE
added 2025/06/16 6:46 p.m. · 27 views

CVE-2025-32797

Conda-build before 25.3.1 creates a temporary build script (conda_build.sh) with overly permissive 0o766 permissions. A local attacker with filesystem access can race between creation and execution to overwrite the script, enabling arbitrary code execution under the victim’s privileges. Fedora an...

CVSS: 7 · AI score: 7.4 · EPSS: 0.0014
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/06/16 12:0 a.m. · 3 views

PT-2025-25580

Name of the Vulnerable Software and Affected Versions: conda-build versions prior to 25.3.1. Description: The issue in conda-build allows attackers with filesystem access to exploit a race condition and overwrite a temporary build script, potentially leading to arbitrary code execution under the...

CVSS: 7 · AI score: 7.4 · EPSS: 0.0014
Exploits: 0 · References: 11

RedhatCVE
added 2025/06/12 8:22 p.m. · 4 views

CVE-2025-36852

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

CVSS: 9.4 · AI score: 6.6 · EPSS: 0.00188
Exploits: 0 · References: 1