The vulnerability of software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insecure management of privileges. This allows attackers to escalate their privileges and gain access to create, modify, or delete files.

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments in VMware Avi Load Balancer is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges and gain access to create, modify, or delete...

The vulnerability of the Queue Manager, a software tool for managing containerized environments by IBM MQ Operator, allows a intruder to cause a service failure.

The vulnerability of the Queue Manager, a software tool for managing containerized environments in IBM MQ Operator, relates to the use of memory after it is released. Exploiting this vulnerability could allow an attacker to cause service interruptions...

[SECURITY] Fedora 41 Update: deluge-2.2.0-1.fc41

Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT Distributed Hash Tables, PEX =C2=B5Torrent-compatible Peer Exchange, and UPnP...

PT-2025-20470 · Wgp · Wgp

Name of the Vulnerable Software and Affected Versions: wgp crate versions 0.2.0 and earlier Description: The issue is related to the lack of drop slow thread synchronization in the inner::drop function within the inner.rs file of the wgp crate for Rust. This synchronization issue may lead to...

Wazuh 4.12.0

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

What Analyzing Hundreds of Thousands of Cloud Environments Taught Us About Data Exposure

Wiz Research reveals the latest cloud data security trends across hundreds of thousands of real-world environments...

Applied Post Quantum Cryptography: a Practical Approach for Generating Certificates in Industrial Environments

The transition to post-quantum cryptography PQC presents significant challenges for certificate-based identity management in industrial environments, where secure onboarding of devices relies on long-lived and interoperable credentials. This work analyzes the integration of PQC into X.509...

Do Not Install Development and Compilation Tools

Compilation tools in the service environment may be exploited by attackers to edit, tamper with, and perform reverse analysis on key files in the environment. Therefore, in the production environment, do not install compilation, decompilation, binary analysis tools, and compilation environments...

Attestable Builds: Compiling Verifiable Binaries on Untrusted Systems Using Trusted Execution Environments

In this paper we present attestable builds, a new paradigm to provide strong source-to-binary correspondence in software artifacts. We tackle the challenge of opaque build pipelines that disconnect the trust between source code, which can be understood and audited, and the final binary artifact,...

PT-2025-18670 · Gotenna · Gotenna Mesh

Name of the Vulnerable Software and Affected Versions: goTenna Mesh versions 5.5.3 and firmware 1.1.12 Description: An issue was discovered that allows the injection of custom messages into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the...

openSUSE Security Advisory (SUSE-SU-2025:1381-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cifs-utils (SUSE-SU-2025:1381-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1381-1 advisory. - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments...

Security update for cifs-utils

This update for cifs-utils fixes the following issues: CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials bsc1239680 Patch Instructions: To install this SUSE update use the SUSE recommended installation...

SEIKO EPSON printer drivers 安全漏洞

SEIKO EPSON printer drivers are a series of printer drivers from the Japanese company SEIKO EPSON. A security vulnerability exists in SEIKO EPSON printer drivers that originates from improperly set access rights in non-English environments, which could lead to the execution of arbitrary code...

Trusted Compute Units: a Framework for Chained Verifiable Computations

Blockchain and distributed ledger technologies DLTs facilitate decentralized computations across trust boundaries. However, ensuring complex computations with low gas fees and confidentiality remains challenging. Recent advances in Confidential Computing -- leveraging hardware-based Trusted...

THE NEW Rapid7 MDR for Enterprise: Tailored Detection and Response for Complex Environments

Complex ecosystems. Custom applications. Specialized log sources. Distributed operations. Enterprise security leaders aren’t just defending against threats—they’re navigating a fragmented environment where visibility, coverage, and coordination are constant challenges. Our MDR service provides...

Understanding the threat landscape for Kubernetes and containerized assets

The dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undetected. Microsoft Threat Intelligence has observed threat actors taking advantage of unsecured...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Video Tutorial !CVE-2025-24071 Demohttps://img.youtube.co...

[SECURITY] Fedora 41 Update: prometheus-podman-exporter-1.16.0-1.fc41

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

[SECURITY] Fedora 42 Update: prometheus-podman-exporter-1.16.0-1.fc42

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...