Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate,...
CVE-2022-37144
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can brute-force their way past MFA protections to log in as the targeted user...
CVE-2022-37145
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a brute-force attack on the login page with no time or attempt limitation in an...
EUVD-2024-51050
Malicious code in bioql PyPI...
EUVD-2024-34270
Malicious code in bioql PyPI...
EUVD-2024-34272
Malicious code in bioql PyPI...
EUVD-2022-39798
Malicious code in bioql PyPI...
EUVD-2024-34274
Malicious code in bioql PyPI...
EUVD-2022-39797
Malicious code in bioql PyPI...
EUVD-2024-34343
Malicious code in bioql PyPI...
EUVD-2024-34273
Malicious code in bioql PyPI...
EUVD-2024-34269
Malicious code in bioql PyPI...
EUVD-2022-39799
Malicious code in bioql PyPI...
EUVD-2024-34271
Malicious code in bioql PyPI...
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed...
CVE-2022-37146
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...
CVE-2024-12687
Deserialization of Untrusted Data vulnerability in PlexTrac Runbooks modules which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...
CVE-2024-12687
CVE-2024-12687 describes a deserialization of untrusted data vulnerability in PlexTrac (Runbooks modules) that enables Object Injection and arbitrary file writes. Affected versions are PlexTrac 1.61.3 up to before 2.8.1. The issue arises from deserializing untrusted data, which can lead to high-s...
CVE-2024-12687 Insecure YAML Deserialization
Deserialization of Untrusted Data vulnerability in PlexTrac Runbooks modules which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...