BIT-DISCOURSE-2025-24972 Discourse may bypass user preference when adding users to chat groups

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

SignalGate Is Driving the Most US Downloads of Signal Ever

Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”...

CVE-2025-24972

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

ROS-20250326-01

Pidgin instant messaging vulnerability is related to DNS response spoofing and redirecting client connections to a malicious server. redirecting client connections to a malicious server. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service to an...

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border...

[SECURITY] Fedora 42 Update: mosquitto-2.0.21-1.fc42

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version v5 and 3.1.x. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

The vulnerability of the corporate messaging system ROSSAT, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to read, modify, or delete data.

The vulnerability of the corporate messaging system ROSSAT is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to read, modify, or delete data by sending a specially crafted GET request...

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

The GSM Association GSMA has formally announced support for end-to-end encryption E2EE for securing messages sent via the Rich Communications Services RCS protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new...

CVE-2025-26634

Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network...

Malicious code in messaging-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fec082e41ee10acbec950c120b5c9c4a3184fbe0ce6995a3da0356c826601e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2343 Malicious code in messaging-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d9fec082e41ee10acbec950c120b5c9c4a3184fbe0ce6995a3da0356c826601e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

IBM MQ Code Execution Vulnerability (CNVD-2025-05563)

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A code execution vulnerability exists in IBM MQ that stems from improper escape character...

IBM MQ Code Issues Vulnerabilities

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A code issue vulnerability exists in IBM MQ that stems from improper exception condition checking and...

IBM MQ Denial of Service Vulnerability (CNVD-2025-05564)

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A denial of service vulnerability exists in IBM MQ that stems from improper handling of invalid heade...

The vulnerability of the Windows Core Messaging component in Windows operating systems allows a perpetrator to elevate their privileges to a system-level level.

The vulnerability of the Windows Core Messaging component in Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level...

How to Use Signal Encrypted Messaging

The best end-to-end encrypted messaging app has a host of security features. Here are the ones you should care about...

CVE-2025-21847 ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sofipcmsgdata The nullity of sps-cstream should be checked similarly as it is done in sofsetstreamdataoffset function. Assuming that it is not NULL if sps-stream is NULL is...

The vulnerability of the MFlash secure data exchange platform lies in the lack of mechanisms for neutralizing elements related to CSV files, allowing attackers to execute arbitrary commands.

The vulnerability of the MFlash secure messaging platform is related to the lack of mechanisms for neutralizing elements related to CSV files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the MFlash secure data exchange platform lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the MFlash secure messaging platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially crafted HTML code...

The vulnerability of the MFlash secure data exchange platform lies in its insufficient authentication attempt limitation, which allows a perpetrator to gain unauthorized access to the platform.

The vulnerability of the MFlash secure messaging platform is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the platform...