CVE-2525-55234

creationtimestamp| type| source ---|---|--- 2025-09-10 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1634...

AI in Government

Just a few months after Elon Musk's retreat from his unofficial role leading the Department of Government Efficiency DOGE, we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Ev...

My Latest Book: Rewiring Democracy

I am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship: coauthored with Nathan Sanders, and published by MIT Press on October 21. Rewiring Democracy looks beyond common tropes like deepfakes to exami...

Malicious code in government-doing-union (npm)

The package government-doing-union was found to contain malicious code...

MAL-2025-44455 Malicious code in government-doing-union (npm)

The package government-doing-union was found to contain malicious code...

CVE-2025-7385 SQL Injection in GOV CMS

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected...

PT-2025-35937

Name of the Vulnerable Software and Affected Versions: GOV CMS versions prior to 4.0 Description: The input from the search query parameter in GOV CMS is not properly sanitized, leading to a Blind SQL injection. This could be exploited by an unauthenticated remote attacker. Recommendations: Ensur...

Concept Intermedia GOV CMS SQL注入漏洞

Concept Intermedia GOV CMS is a content management system for the public sector from Concept Intermedia, Poland. A SQL injection vulnerability exists in Concept Intermedia GOV CMS versions prior to 4.0, which stems from improperly cleaned search query parameters and could lead to a blind SQL...

Claude AI chatbot abused to launch “cybercrime spree”

Anthropic—the company behind the widely renowned coding chatbot, Claude—says it uncovered a large-scale extortion operation in which cybercriminals abused Claude to automate and orchestrate sophisticated attacks. The company issued a Threat Intelligence report in which it describes several...

Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence AI-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. "The actor targeted at least 17 distinct organizations, including in...

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific APAC. According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration...

Qualys Achieves FedRAMP® High ATO: Unlocking the Future of Trusted Cybersecurity for Government and Critical Infrastructure

Today, federal agencies and their technology partners are operating in the most scrutinized risk environment in history. The stakes are clear: a breach in high-impact systems – those holding national security, healthcare, or financial data – can result in loss of life, catastrophic economic damag...

Blind Eagle's Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government acros...

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

The advanced persistent threat APT actor known as Transparent Tribe has been observed targeting both Windows and BOSS Bharat Operating System Solutions Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities. "Initial access is achieved through...

CISA: FY 2025 Tribal Cybersecurity Grant Program FAQs

This is the CISA FAQ for the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments addressing cybersecurity risks and threats to their information systems. This is an updated copy...

US Government Seeks Medical Records of Trans Youth

Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere...

CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)

CISA is requesting public comment on its updated guidance on Software Bill of Materials SBOM to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...

Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

Nearly a million records, which appear to be linked to a medical-cannabis-card company in Ohio, included Social Security numbers, government IDs, health conditions, and more...

Wiz Completes IRAP Assessment to Support Australian Government Cloud Security

Empowering Australian government agencies with enhanced cloud security...

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback

The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens. U.S. Director of National Intelligence DNI Tulsi Gabbard, in a statement posted on X, said the U.S...