American Fuzzy Lop plus plus 5.00c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
Tanium Server Security Vulnerability
Tanium Server is a security management platform developed by the American company Tanium. Tanium Server has a security vulnerability, which stems from a denial-of-service vulnerability...
American Fuzzy Lop plus plus 4.40c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
What can’t you say on TikTok?
This week on the Lock and Code podcast … A funny thing happened on TikTok last month, and it has brought allegations of censorship, manipulation, and control. It was the week of January 22, and after a long legal battle, TikTok had finally—for the first time in its company history—moved its...
“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection (RDP) on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to a "good enough" emulation approach. By focusing on emulating only the single thread responsible for Modbus protocol handli...
Airleader Master Code Issue Vulnerability
Airleader Master is a management device developed by the American company Airleader, used for managing air compressors. Airleader Master versions 6.381 and earlier contain a code issue vulnerability caused by unrestricted file upload, which could lead to remote code execution...
Tanium Appliance Security Vulnerability
Tanium Appliance is a terminal management and security platform deployed by the American company Tanium. There is a security vulnerability in Tanium Appliance, which stems from improper certificate verification...
Tanium Threat Response Security Vulnerability
Tanium Threat Response is a core security module for endpoint detection and response developed by the American company Tanium. Tanium Threat Response has a security vulnerability, which stems from information leakage...
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations
Threat actors predominately exploited public-facing applications for the second quarter in a row, with this tactic appearing in nearly 40 percent of Cisco Talos Incident Response (Talos IR) engagements -- a notable decrease from over 60 percent last quarter, when engagements involving ToolShell...
EU Launches GCVE to Track Vulnerabilities Without Relying on US
The new EU-funded GCVE project is breaking dependence on US databases to track software flaws. Discover how this decentralised system aims to ensure global cybersecurity...
Online shoppers at risk as Magecart skimming hits major payment networks
Researchers have been tracking a Magecart campaign that targets several major payment providers, including American Express, Diners Club, Discover, and Mastercard. Magecart is an umbrella term for criminal groups that specialize in stealing payment data from online checkout pages using malicious...
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these...
Widespread Magecart Campaign Targets Users of All Major Credit Cards
Researchers at Silent Push have exposed a global Magecart campaign stealing credit card data since 2022. Learn how this invisible web-skimming attack targets major networks like Mastercard and Amex, and how to stay safe...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an Insufficient Policy Enforcement vulnerability, which stems from a failure to strictly enforce established security policy constraints when handling WebView tags, resulting in some high-privilege pages not being...
EUVD-2026-1047
AIOHTTP has unicode match groups in regexes for ASCII protocol elements...
WordPress Downloable by American Osteopathic Association plugin <= 0.1.0 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by Aly Khaled in WordPress Plugin Aoa Downloadable versions = 0.1.0...
Kevin Lancaster Joins the usecure Board to Accelerate North American Channel Growth
Claymont, Delaware, 1st December 2025, CyberNewsWire...
Part Four of The Kryptos Sculpture
Two people found the solution. They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at the Smithsonian's Archives of American Art. This comes at an awkward time, as Sanborn is auctioning off the solution. There were legal threats--I don't understand their...
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as...
EUVD-2020-29878
Malware in sbrugna...