78 matches found
PT-2026-34875
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...
Anthropic Mythos: Separating Signal from Hype
The recent buzz around Anthropic’s Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases, vulnerability discovery, and exploit generation. Some are already calling it a “game changer” for offensive...
HCL Aftermarket DPC Hardcoding Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a vulnerability that originates from hard-coded sensitive data, which can be exploited by an attacker to gain access to source code or retrieve these...
CVE-2025-55263
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data, which allows an attacker to gain access to the source code or, if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets...
CVE-2025-55263 HCL Aftermarket DPC is affected by Hardcoded Sensitive Data
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data, which allows an attacker to gain access to the source code or, if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets...
CVE-2025-55263
Technical details (affected components, versions, exploit methods, or remediation) are not publicly provided in the supplied documents. Monitor for updates as information may be added later.
Hand over the keys for Shannon’s shenanigans
Welcome to this week's edition of the Threat Source newsletter. Last week, yet another security AI tool made the rounds on social media: Shannon, a fully autonomous AI penetration testing tool created by Keygraph. It "autonomously hunts for attack vectors in your code, then uses its built-in...
CVE-2025-9982
A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...
EUVD-2000-0395
Malware in sbrugna...
EUVD-2009-1004
Malware in sbrugna...
EUVD-2002-1014
Malware in sbrugna...
EUVD-2004-2627
Malware in sbrugna...
EUVD-2017-18303
Malware in sbrugna...
EUVD-2008-2117
Malware in sbrugna...
EUVD-2024-0005
Malicious code in bioql PyPI...
EUVD-2024-53624
Malicious code in bioql PyPI...
CVE-2025-60449
An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the adminsafe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan and download not only the application’s source code but also...
PT-2025-23649 · Unknown · Webpack-Dev-Server
Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1 Description: The issue allows an attacker to obtain source code via a method similar to that used to exploit a previously reported vulnerability. This is possible because webpack-dev-server always...
PT-2025-23484 · IBM · IBM Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.0.4 Description: The issue allows source code stored on the web server to potentially aid in further attacks against the system. Recommendations: For versions 11.2.0 through 12.0.4, consider...