
40431 matches found

Microsoft Secure
added 2025/08/05 4:00 p.m. · 4 views

Elevate your protection with expanded Microsoft Defender Experts coverage

Defender Experts now offers 24/7, expert-driven protection for cloud workloads, beginning with hybrid and multicloud servers in Microsoft Defender for Cloud. Additionally, third-party network signals can be used in Microsoft Defender Experts for XDR to enhance incidents for faster and more accura...

6.9 AI score
Exploits: 0
IBM Security Bulletins
added 2025/08/05 3:40 p.m. · 27 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple Tomcat vulnerabilities (CVE-2025-24813, CVE-2024-50379)

Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files...

10 CVSS · 9.9 AI score · 0.99945 EPSS
Exploits: 58 · Affected Software: 1
IBM Security Bulletins
added 2025/08/05 3:36 p.m. · 15 views

Security Bulletin: IBM Guardium Data Protection is affected by a Privilege Escalation vulnerability (CVE-2025-3473)

Summary: IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2025-3473 DESCRIPTION: IBM Security Guardium could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program...

6.7 CVSS · 5.9 AI score · 0.00124 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2025/08/05 10:22 a.m. · 6 views

RHSA-2025:12841 Red Hat Security Advisory: gdk-pixbuf2 security update

Bulletin has no description...

7.5 CVSS · 6 AI score · 0.01051 EPSS
Exploits: 0 · References: 8
MSRC
added 2025/08/05 7:00 a.m. · 9 views

Microsoft Bounty Program year in review: $17 million in rewards

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center (MSRC), these security...

7.3 AI score
Exploits: 0
NVD
added 2025/08/05 1:15 a.m. · 5 views

CVE-2025-53544

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

7.5 CVSS · 0.00337 EPSS
Exploits: 0 · References: 3
Cvelist
added 2025/08/05 12:14 a.m. · 9 views

CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

7.5 CVSS · 0.00337 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2025/08/05 12:14 a.m. · 3 views

CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

7.5 CVSS · 7.4 AI score · 0.00337 EPSS
Exploits: 0 · References: 3
CVE
added 2025/08/05 12:14 a.m. · 18 views

CVE-2025-53544

CVE-2025-53544 concerns Trilium Notes prior to 0.97.0, where a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. The app is described as a single-user, username-less system, with...

7.5 CVSS · 6.8 AI score · 0.00337 EPSS
Exploits: 0 · References: 3
OSV
added 2025/08/05 12:14 a.m. · 5 views

CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

7.5 CVSS · 7 AI score · 0.00337 EPSS
Exploits: 0 · References: 5
Tenable Nessus
added 2025/08/05 12:00 a.m. · 4 views

SUSE SLED15: java-17-openjdk / java-17-openjdk-demo / java-17-openjdk-devel / etc (SUSE-SU-2025:02667-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02667-1 advisory. Upgrade to upstream tag jdk-17.0.16+8 July 2025 CPU: - CVE-2025-30749: several scenarios can le...

8.6 CVSS · 6.7 AI score · 0.01058 EPSS
Exploits: 1 · References: 13
Packet Storm News
added 2025/08/05 12:00 a.m. · 3 views

Evaluating Software Supply Chain Security in Research Software

The security of research software is essential for ensuring the integrity and reproducibility of scientific results. However, research software security is still largely unexplored. Due to its dependence on open source components and distributed development practices, research software is...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/08/05 12:00 a.m. · 5 views

Anti-Tamper Protection for Unauthorized Individual Image Generation

With the advancement of personalized image generation technologies, concerns about forgery attacks that infringe on portrait rights and privacy are growing. To address these concerns, protection perturbation algorithms have been developed to disrupt forgery generation. However, the protection...

7.2 AI score
Exploits: 0
Positive Technologies
added 2025/08/05 12:00 a.m. · 10 views

PT-2025-31882 · Unknown · Trilium Notes

Name of the Vulnerable Software and Affected Versions: Trilium Notes versions prior to 0.97.0 Description: Trilium Notes is a cross-platform hierarchical note taking application. A brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess...

7.5 CVSS · 7.1 AI score · 0.00337 EPSS
Exploits: 0 · References: 10
Positive Technologies
added 2025/08/05 12:00 a.m. · 8 views

PT-2025-31970

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions; Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00; Mitsubishi Electric GENESIS64 all versions; Mitsubishi Electric MC Works64 all versions; Mitsubishi Electric...

5.9 CVSS · 6 AI score · 0.00185 EPSS
Exploits: 0 · References: 9
BDU FSTEC
added 2025/08/05 12:00 a.m. · 6 views

The vulnerability of the Zimbra Collaboration Suite’s corporate email management system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the website structure when importing files into the portfolio. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.4 CVSS · 5.2 AI score · 0.00269 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Tenable Nessus
added 2025/08/05 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-40962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes Shin'ichiro reported that...

5.5 CVSS · 5.8 AI score · 0.00239 EPSS
Exploits: 0 · References: 2
CVE
added 2025/08/04 3:53 p.m. · 24 views

CVE-2025-38739

Dell Digital Delivery, before version 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability that can allow a remote, unauthenticated attacker to cause Information Disclosure. The flaw affects Dell Digital Delivery software and stems from inadequate credential protection as descr...

7.2 CVSS · 6.7 AI score · 0.00368 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
HackRead
added 2025/08/04 2:05 p.m. · 2 views

Local Government Cybersecurity: Why Municipal Systems Need Extra Protection

Cybersecurity threats to local governments are part of life in the digital environment in which people live today...

7.1 AI score
Exploits: 0
ICS
added 2025/08/04 6:00 a.m. · 5 views

Honeywell OneWireless Wireless Device Manager (WDM)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

8.6 CVSS · 7.8 AI score · 0.00423 EPSS
Exploits: 0 · References: 10