15 matches found
The Constitutionality of Geofence Warrants
The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in prison for stealing $195,000 at gunpoint. Police probing...
security-research-reports
security-research-reports...
EUVD-2025-12527
Malicious code in bioql PyPI...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. An information disclosure vulnerability exists in Discourse discourse-yearly-review, which stems from the fact that users appearing in yearly review threads are...
PT-2023-19954 · Discourse · Discourse Yearly Review Plugin
Name of the Vulnerable Software and Affected Versions: Discourse Yearly Review plugin, affected versions not specified. Description: The Discourse Yearly Review plugin has an issue where a user present in a yearly review topic that is then anonymized will still have some data linked to its original...
Who tracked internet users in 2021–2022
Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. The websites and services send...
Responsible Disclosure for Cryptocurrency Security
Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two...
Commercial Location Data Used to Out Priest
A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis: The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially a...
thorn-linux
This is a Debian-based research and development platform for information security called Thorn Linux. It is designed to keep users up to date with the latest cybersecurity news while providing a hardened and anonymized penetration-testing environment. The platform includes a highly customized...
Afternoon Cyber Tea: Privacy, the pandemic, and protecting our cyber future
Much of our everyday life has moved online with the pandemic continuing to play a role in how we work and communicate with others. This migration has meant that security and privacy continue to remain top-of-mind for both security professionals and those who may not have given these cyber issues ...
Deploy a Cloud WAF & DDoS Solution While Complying with Australian Data Sovereignty
Australia has strict data sovereignty laws in place to ensure that personal customer data remains within the country’s borders. However, we often hear about cloud-based WAF vendors being unable to guarantee that data will not be moved across borders for inspection and data logging purposes. This...
CVE-2019-13419
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked...
Input validation
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized...
CVE-2019-13418
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized...
[AttackVector Linux] Linux distro for anonymized penetration based on Kali and TAILS
AttackVector Linux is a new distribution for anonymized penetration and security. It is based on Kali and TAILS, which are both based on Debian. While Kali requires a modified kernel for network drivers to use injection and so forth, the Tor Project's TAILS is designed from the bottom up for...