1841 matches found
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component...
Linux Distros Unpatched Vulnerability : CVE-2026-39883
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolut...
Event-Driven Temporal Graph Networks for Asynchronous Multi-Agent Cyber Defense in NetForge_RL
The transition of Multi-Agent Reinforcement Learning MARL policies from simulated cyber wargames to operational Security Operations Centers SOCs is fundamentally bottlenecked by the Sim2Real gap. Legacy simulators abstract away network protocol physics, rely on synchronous ticks, and provide clea...
Windows Telemetry Persistence
This persistence mechanism installs a new telemetry provider for windows. If telemetry is turned on, when the scheduled task launches, it will execute the telemetry provider and execute our payload with system permissions. Module Options msf use exploit/windows/persistence/telemetry msf...
Cloud Threats Retrospective 2026: What AI Changed (and What It Didn’t)
Insights from public incidents, cloud telemetry, and investigations into how cloud risk evolved in 2025...
From the field to the report and back again: How incident responders can use the Year in Review
Every year, Cisco Talos publishes Year in Review, a comprehensive look at the previous year's threat landscape. It's drawn from an enormous volume of telemetry, such as endpoint detections, network traffic, email data, and boots-on-the-ground Cisco Talos Incident Response Talos IR engagements. As...
CLEANSTART-2026-BA09462 OpenTelemetry-Go is the Go implementation of OpenTelemetry
Multiple security vulnerabilities affect the cass-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...
Linux Distros Unpatched Vulnerability : CVE-2026-39882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into a...
Windows Telemetry Persistence
This is a Metasploit module that provides a persistence mechanism that installs a new telemetry provider for windows. If telemetry is turned on, when the scheduled task launches, it will execute the telemetry provider and execute our payload with system permissions...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path through the hostIDReaderBSD.read function in sdk/resource/hostid.go. An attacker can execute a malicious kenv binary by placing it earlier in $PATH and triggering host ID detection on BSD or Solaris systems when...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path through the hostIDReaderBSD.read function in sdk/resource/hostid.go. An attacker can execute a malicious kenv binary by placing it earlier in $PATH and triggering host ID detection on BSD or Solaris systems when...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...
CVE-2026-39882
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
DEBIAN-CVE-2026-39882
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...
CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...