CVE-2025-10867 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...

cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10952 via ml-logger (=0.10.36)

ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10952 Source advisory: OSV:GHSA-9X36-C74V-FGR6...

cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10952 via ml-logger (=0.10.36)

ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10952 Source advisory: SNYK:PYTHON-MLLOGGER-1311003...

cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10951 via ml-logger (=0.10.36)

ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10951 Source advisory: OSV:GHSA-8X9J-2P8R-7XC6...

cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10950 via ml-logger (=0.10.36)

ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10950 Source advisory: SNYK:PYTHON-MLLOGGER-1311002...

cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10950 via ml-logger (=0.10.36)

ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10950 Source advisory: OSV:GHSA-57HM-8RJV-498W...

cde (=0.2.0.1), env-wrappers (>=0.1.1 <=0.1.22) +1 more potentially affected by CVE-2025-10951 via ml-logger (=0.10.36)

ml-logger PYPI version =0.10.36 is affected by a known vulnerability. The following packages have a transitive dependency on ml-logger and may be impacted: - cde =0.2.0.1 - env-wrappers =0.1.1, =0.1.22 - graph-search =0.1.0 Source cves: CVE-2025-10951 Source advisory: SNYK:PYTHON-MLLOGGER-1311002...

EvoMail: Self-Evolving Cognitive Agents for Adaptive Spam and Phishing Email Defense

Modern email spam and phishing attacks have evolved far beyond keyword blacklists or simple heuristics. Adversaries now craft multi-modal campaigns that combine natural-language text with obfuscated URLs, forged headers, and malicious attachments, adapting their strategies within days to bypass...

Retail at risk: How one alert uncovered a persistent cyberthreat​​

In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing security compromises in the past year, the risks for businesses continue to increase...

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A critical token validation failure in Microsoft Entra ID previously Azure Active Directory could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241 , has been assigned the maximum CVSS score of 10.0. It...

State-Of-The-Art in Software Security Visualization: a Systematic Review

Software security visualization is an interdisciplinary field that combines the technical complexity of cybersecurity, including threat intelligence and compliance monitoring, with visual analytics, transforming complex security data into easily digestible visual formats. As software systems get...

Self-Supervised Learning of Graph Representations for Network Intrusion Detection

Detecting intrusions in network traffic is a challenging task, particularly under limited supervision and constantly evolving attack patterns. While recent works have leveraged graph neural networks for network intrusion detection, they often decouple representation learning from anomaly detectio...

Automated Cyber Defense with Generalizable Graph-Based Reinforcement Learning Agents

Deep reinforcement learning RL is emerging as a viable strategy for automated cyber defense ACD. The traditional RL approach represents networks as a list of computers in various states of safety or threat. Unfortunately, these models are forced to overfit to specific network topologies, renderin...

CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

Linux Distros Unpatched Vulnerability : CVE-2022-50309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: xilinx: vipp: Fix refcount leak in xvipgraphdmainit ofgetchildbyname returns a node pointer with refcount incremented, we should use ofnodeput on it when...

SUSE CVE-2025-39829

In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftracesuspendnotifiercall already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:2...

MAL-2025-47327 Malicious code in mcp-knowledge-graph (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e385978fdd606a1cfafadbcf800ed35523992d9a683305fcca51a6f12ea8b0f Any computer that has this package installed or running should be considered fully compromised. All...

AZL-71209 CVE-2025-39829 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftracesuspendnotifiercall already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:2...

DEBIAN-CVE-2025-39829

In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftracesuspendnotifiercall already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:2...

CVE-2025-39829

In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftracesuspendnotifiercall already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:2...