CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

Twenty Years of Cloud Security Research

This post will look at the past 20 years of cloud security research, separating the two decades into eras with important milestones defined that resulted in the change of one era to the next...

BIT-GITLAB-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

EUVD-2026-11176

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

CVE-2026-0602

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

PT-2026-24711

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It features built-in version control, issue tracking, code review, and CI/CD continuous integration and delivery capabilities. There is a security vulnerability in GitLab, which stems from improper...

Twin-Field Quantum Key Distribution: Protocols, Security, and Open Problems

Twin-Field Quantum Key Distribution TF-QKD has emerged as a potential protocol for long distance secure communication, overcoming the rate-distance limitations of conventional quantum key distribution without requiring trusted repeaters. By having two parties transmit phase encoded weak coherent...

EUVD-2019-4041

Malware in sbrugna...

EUVD-2019-6545

Malware in sbrugna...

EUVD-2019-6547

Malware in sbrugna...

EUVD-2018-20838

Malware in sbrugna...

EUVD-2022-34554

Malicious code in bioql PyPI...

What’s Your Cybersecurity Maturity?

This blog post looks at four key milestones along the cybersecurity maturity journey and poses some questions you can ask to determine the stage of your organization’s progress...

Locus: Agentic Predicate Synthesis for Directed Fuzzing

Directed fuzzing aims to find program inputs that lead to specified target program states. It has broad applications, such as debugging system crashes, confirming reported bugs, and generating exploits for potential vulnerabilities. This task is inherently challenging because target states are...

Linux Distros Unpatched Vulnerability : CVE-2022-2281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows...

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

CVE-2022-0172

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...

CVE-2019-15577

An information disclosure vulnerability exists in GitLab CE/EE...

Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures

Introduction | Security snapshot | Threat briefing Defending against attacks | Expert profile Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. From blocking imposters on Microsoft Azure and adding anti-scam features to Microsoft Edge, to fightin...