OpenTelemetry with Spring Boot
This is a new blog post in the Road to GA series, and this time we're taking a look at OpenTelemetry with Spring Boot. Introduction In modern cloud native architectures, observability is no longer optional; it is a fundamental requirement. You want to understand what your application is doing via...
CVE-2025-64309
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
Brightpick Mission Control Security Vulnerability
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that originates from the disclosure of device telemetry, configuration, and credential information to unauthenticated users via...
CVE-2025-64309 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
EUVD-2025-197664
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
CVE-2025-64309
Brightpick Mission Control is affected. Multiple sources (NVD, Red Hat, CVE lists, and security advisories) describe a vulnerability where an unauthenticated user can access a WebSocket URL and exfiltrate device telemetry, configuration data, and credentials. The unauthenticated URL can be discov...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
CERTFR-2025-CTI-011
creationtimestamp | type | source
---|---|---
2025-11-14 08:35:21+00:00 | seen | https://infosec.exchange/users/decio/statuses/115547132493878451...
PT-2025-47031
Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users connecting to a specific URL...
MAL-2025-143251 Malicious code in helmet-eleventy-eclipse-slidev (npm)
Source: amazon-inspector f7d31b4ffee6662a3c1074ec7d4f79a4fb5fc5a5e087c4aab4d53c6054de2a4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-116281 Malicious code in oktafian-otak-otak88-miaww (npm)
Source: amazon-inspector caf98bafaef6ff3128462d1d33ecf5fa3a36b311fae6dd2e389ba2f58af0b494 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
GHSA-9C5Q-W6GR-FXCQ MQTT does not validate hostnames
A flaw was found in Rubygem MQTT. By default, the package did not validate hostnames, resulting in a possible Man-in-the-Middle (MITM) attack...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86/intel/pmt: Fixed an issue with NULL pointer access in crashlog. The use of intelpmtread for binary sysfs requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without...
CVE-2025-54470
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...
GO-2025-4044 NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector
NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector...