306 matches found
CVE-2025-27445
creationtimestamp | type | source
---|---|---
2025-06-05 13:49:51+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lquhlgrb3xi2
2025-06-05 14:31:22+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114631238055243276
2025-06-18...
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior,...
CERTFR-2024-CTI-009
creationtimestamp | type | source
---|---|---
2025-01-29 13:51:46+00:00 | seen | https://bsky.app/profile/test-cvp.bsky.social/post/3lgv4i5vr332i...
Identity Threat Detection and Response Solution Guide
The Emergence of Identity Threat Detection and Response: Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally...
Identify and De-risk Unmanaged, Unauthorized Devices With Qualys CyberSecurity Asset Management (CSAM)
69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads, user accounts, and IoT devices. Ultimately, these attacks stem from visibility gaps in the attack surface. Bringing these assets...
Free access to ThreatDown Application Block: Elevate your Windows security at no cost
Malwarebytes continues to add value to its ThreatDown Bundles with the inclusion of Application Block as free for all ThreatDown Nebula accounts excluding Mobile only accounts. Users don't need to activate this new feature: the policy has been enabled in their account by default. For as many...
23andMe blames “negligent” breach victims, says it’s their own fault
In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors...
Insecure and Inflexible Forwarder Approval Mechanism (Full Access Grant)
Lines of code Vulnerability details Impact The current implementation of the onlyApprovedForwarder modifier in the Ocean smart contract has several negative impacts: 1. Security Risk: Users are exposed to a significant security risk if their forwarder is compromised. An attacker can exploit full...
Transform Your Data Security Posture – Learn from SoFi's DSPM Success
As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM (Data Security Posture Management) emerges as a comprehensive...
SDG PnPSCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve...
Access Control Unauthorized access to restricted functions setWithdrawalDelayBlocks
Lines of code Vulnerability details Impact By exploiting the owner's role through social engineering, an attacker could theoretically gain indirect control over any functions that require owner authorization. Specifically, the ability to manipulate withdrawal delays and other critical security...
Imperva® and Fortanix Partner to Protect Confidential Customer Data
Imperva Data Security Fabric and Fortanix Data Security Manager combine to provide end-to-end data security. Imperva, Inc., @Imperva the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, and Fortanix, Inc. @Fortanix, the Data Security company powered by...
Cross-site Scripting (XSS) - Stored
Description The stored XSS vulnerability found in the caliber-web application is a security flaw that allows an attacker to execute malicious code in a user's browser. The vulnerability affects the "/ajax/pathchooser/" endpoint and is present in the "path" parameter, which is sent via the GET...
[SECURITY] Fedora 37 Update: sysstat-12.6.0-4.fc37
The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, pidstat, cifsiostat and sa tools for Linux. The sar command collects and reports system activity information. The information collected by sar can be saved in a file in a binary format for future inspection. The statistics...
Security Bulletin: Vulnerability in IBM InfoSphere Guardium Database Activity Monitoring (CVE-2010-2273)
Abstract Guardium Database Activity Monitoring is affected by multiple cross-site scripting (XSS) vulnerabilities in Dojo which could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Content VULNERABILITY DETAILS: CVE ID: CVE-2010-2273 CVSS: CVSS Base Score: 4....
TikTok’s In-App Browser Can Monitor Your Activity on External Websites
By Deeba Ahmed Other iPhone apps using in-app browsers were also tested in the research but TikTok was the only app to monitor keystrokes. This is a post from HackRead.com Read the original post: TikTok's In-App Browser Can Monitor Your Activity on External Websites...
Five Steps to Prepare Data for a Zero-Trust Security Model
The outmoding of traditional network security Traditional network security was based on the concept of a guarded network perimeter, which is difficult to access from the outside but implicitly trusts everyone on the inside. The problem with this approach is that once an attacker has access to the...
How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution
Whether it’s Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring that all the apps have proper security settings and are configured correctly falls on the security team. The challenge...
How to Tackle SaaS Security Misconfigurations
Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls on the security team. The challenge lies within how burdenso...
Imperva Cloud Data Security adds Azure SQL support to build on extensive DBaaS coverage
It’s kind of mind boggling to see just how fast the market is adopting cloud managed database services also referred to as DBaaS. According to market research firm Imarc Group, in 2020, the overall market size was $12.8 billion, and within five years it’s expected to reach over $31 billion. That’...