17 matches found

Securelist
added 2026/06/02 12:0 p.m. · 19 views

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

Introduction Mexico is one of the host countries for the 2026 FIFA World Cup, with matches to be played in three major cities: Mexico City, Monterrey, and Guadalajara. These locations are expected to see a large influx of international visitors, increasing the potential security risks. Many of...

AI score: 5.6
Exploits: 0
Packet Storm News
added 2026/04/26 12:0 a.m. · 3 views

Analysis of Personal Data Exposure in Thailand

In the digital era, personal data, particularly sensitive identifiers such as the Social Security Number and National Identification Number, have become a highly valuable asset, raising significant concerns regarding privacy and security. This study examines the risks associated with the online...

AI score: 5.6
Exploits: 0
Wallarm Lab
added 2026/02/17 3:0 p.m. · 8 views

Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report

API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface fo...

AI score: 5.8
Exploits: 0
HackRead
added 2026/01/05 6:5 p.m. · 4 views

Researchers Warn of Data Exposure Risks in Claude Chrome Extension

Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers...

AI score: 6.9
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-12053

Malware in sbrugna...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.0116
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-40400

Malicious code in bioql PyPI...

CVSS: 7.8 · AI score: 8.1 · EPSS: 0.01018
Exploits: 0 · References: 1
The Hacker News
added 2025/09/30 8:33 a.m. · 8 views

Evolving Enterprise Defense to Secure the Modern AI Supply Chain

The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and...

AI score: 6.5
Exploits: 0
Positive Technologies
added 2025/08/04 12:0 a.m. · 5 views

PT-2025-31861 · Axelor · Axelor

Name of the Vulnerable Software and Affected Versions: Axelor version 5.2.4. Description: A Boolean-based SQL injection issue exists in Axelor version 5.2.4 through the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00447
Exploits: 0 · References: 5
Github Security Blog
added 2025/03/31 5:31 p.m. · 58 views

Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

Summary: The contents of arbitrary files can be returned to the browser. Impact: Only apps explicitly exposing the Vite dev server to the network using `--host` or `server.host` config option are affected. Details: base64 encoded content of non-allowed files is exposed using `?inline&import` originally...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.59585
Exploits: 9 · References: 5 · Affected Software: 1
Malwarebytes
added 2025/03/03 1:50 p.m. · 8 views

TikTok: Major investigation launched into platform’s use of children’s data

TikTok is the subject of yet another major investigation, reports BBC News. This time around, the UK’s Information Commissioner's Office (ICO) is going to look at how the data of 13 to 17-year-olds feeds the algorithm that decides what further content to show. The ICO introduced a children’s code f...

AI score: 7
Exploits: 0
Tenable Nessus
added 2025/02/12 12:0 a.m. · 9 views

WebSocket Unencrypted Traffic

WebSocket is a protocol used by modern web applications to allow full duplex communication between clients and servers for real-time web applications. By default, WebSocket protocol does not use any encryption when using the base ws:// URL scheme, leaving it open to man-in-the-middle attacks. No...

AI score: 7.2
Exploits: 0 · References: 2
ICS
added 2024/07/03 12:30 a.m. · 14 views

ABB ASPECT System

SUMMARY ABB became aware of vulnerabilities in the product versions listed as affected in the advisory. ASPECT devices are not intended to be internet-facing. A product advisory issued in June 2023 informed customers of this parameter. An attacker can successfully exploit these vulnerabilities...

AI score: 7.9
Exploits: 0 · References: 10
Positive Technologies
added 2023/11/07 12:0 a.m. · 2 views

PT-2023-33034 · Unknown · Rusty-Paseto +1

Name of the Vulnerable Software and Affected Versions: ed25519-dalek versions prior to 2.0; rusty-paseto versions prior to 0.6.0. Description: The issue arises from a "Double Public Key Signing Function Oracle Attack" affecting the ed25519-dalek crate, which is a dependency of the rusty-paseto crat...

AI score: 7
Exploits: 0 · References: 6
Vulnrichment
added 2023/06/07 11:24 p.m. · 8 views

CVE-2023-34238 Local File Inclusion vulnerability in Gatsby

Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope o...

CVSS: 4.3 · AI score: 5.2 · EPSS: 0.0091
Exploits: 1 · References: 3
securityvulns
added 2003/09/04 12:0 a.m. · 28 views

CGI bugs

No description provided...

AI score: 1.4
Exploits: 0 · References: 5 · Affected Software: 3
Cisco
added 2002/07/30 6:0 p.m. · 31 views

TFTP Long Filename Vulnerability

...

CVSS: 7.1 · AI score: 1.2 · EPSS: 0.09085
Exploits: 0 · References: 1 · Affected Software: 2
Cvelist
added 1976/01/01 12:0 a.m. · 7 views

CVE-2025-1803

...

Exploits: 0