What Your Board Gets Wrong About AI Security

Editor's note: This article was originally published by Craig Riddell on LinkedIn. It has been republished here with the author's permission. Boards are giving AI security more airtime than ever. What they're not giving is the right framing. A year or two ago, AI was mostly a question of...

PT-2026-38808

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

BIT-JAVA-2023-22049

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.18.0 to 2.2.1 had security vulnerabilities. These vulnerabilities stemmed from insufficient validation of user status during certain authentication processes, allowing users who were already...

CVE-2026-28254

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs...

FUXA 安全漏洞

FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from unsafe default configurations in the server/settings.default.js file, which disable authentication. As a result, unauthenticated remot...

HotCRP Conference Review Software Cross-Site Script Vulnerabilities

HotCRP Conference Review Software is a software developed by Eddie Kohler. It is used to manage review processes, especially for academic conferences. The version of HotCRP Conference Review Software dated October 2025 to January 2026 contained a cross-site scripting vulnerability. This...

Attackers Don’t Need to Breach Your API -They’ll Breach the Tools That Touch It

The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminde...

CVE-2025-63402

HCLTech GRAGON vuln (CVE-2025-63402) affects GRAGON before v7.6.0. The issue arises from APIs not enforcing limits on the number or size of requests, enabling a remote attacker to execute arbitrary code. Affected product/version is GRAGON prior to 7.6.0; root cause is lack of request throttling/s...

Medium: java-21-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...

AI Pulse: OpenAI’s Wild Bot Behavior After GPT-5

The AI Pulse series breaks down traffic trends and what they mean for apps, APIs, and businesses. In this post, read how OpenAI’s bots are changing after GPT-5...

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

How to Create a Scan to Identify Remote Command Execution

This whitepaper covers how to create a scan in Perl to identify remote command execution in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid RCE problems at the code...

REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers

Overview FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web...

JDK: Integer conversion error leads to incorrect range check (8332644)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracl...

libvirt 代码问题漏洞

libvirt is a libvirt open source Linux API for implementing Linux virtualization features. it supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtualization products used for other operating systems. A code issue vulnerability exists in libvirt that stems...

WordPress Plugin s2Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...