EUVD-2025-199884
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain...
PT-2025-48350
Name of the Vulnerable Software and Affected Versions: PubNet versions prior to 1.1.3. Description: PubNet is a self-hosted Dart & Flutter package service. The /api/storage/upload endpoint allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enabl...
CVE-2025-64310
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack...
Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks
The FBI has issued a public service announcement warning about a surge in account takeover (ATO) fraud, and the timing lines up with a major alert Amazon has just sent to its 300 million customers about brand impersonation scams. How ATO fraud works: Account takeover fraud is just what it says:...
EUVD-2025-199630
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization...
What Does BAS Stand For? A Complete Guide
Running generic security tests is like studying for the wrong exam. You might be prepared for something, but not for the threats you’re most likely to face. To build a truly resilient defense, you need to test your controls against the specific tactics, techniques, and procedures that adversaries...
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
Just like the 2000s: flip phones grew popular, Windows XP debuted on personal computers, Apple introduced the iPod, peer-to-peer file sharing via torrents was taking off, and MSN Messenger dominated online chat. That was the tech scene in 2001, the same year when Sir Dystic of Cult of the Dead Cow...
kernel: ipv6: sr: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
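The kernel entry above states the rule (compare MACs in constant time; use the helper) without showing why an ordinary compare is a problem. The following is an added example written for this page in plain C, not kernel code: it puts an early-exit comparison beside a constant-time one modelled on the kernel's crypto_memneq() helper, and instruments both with a bytes-examined counter (instrumentation that exists only in this example) so the leak is visible without timing measurements. The 16-byte MACs are constructed sample values, not captured traffic.

```c
/* Added example for this page: early-exit vs. constant-time MAC comparison.
 * ct_memneq() mirrors the semantics of the kernel's crypto_memneq() (0 = equal,
 * 1 = different) but is a stand-alone reimplementation, not kernel code.
 * The bytes_examined counter is instrumentation added here to make the
 * data-dependent work of the leaky version visible. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAC_LEN 16

/* Constructed sample MACs (not real traffic). The two guesses differ from the
 * expected value at the first and at the last byte respectively. */
static const uint8_t kExpectedMac[MAC_LEN] = {
    0x3a,0x7f,0xc2,0x19,0x8e,0x55,0xd0,0x41,0xb6,0x2c,0x9d,0xe7,0x03,0x6a,0xf4,0x88 };
static const uint8_t kGuessFirstByteWrong[MAC_LEN] = {
    0x00,0x7f,0xc2,0x19,0x8e,0x55,0xd0,0x41,0xb6,0x2c,0x9d,0xe7,0x03,0x6a,0xf4,0x88 };
static const uint8_t kGuessLastByteWrong[MAC_LEN] = {
    0x3a,0x7f,0xc2,0x19,0x8e,0x55,0xd0,0x41,0xb6,0x2c,0x9d,0xe7,0x03,0x6a,0xf4,0x00 };

/* Early-exit comparison (what a memcmp()-style check does): stops at the first
 * mismatch, so the amount of work, and hence the time, reveals how many leading
 * bytes of the attacker's guess were correct. */
static int leaky_memneq(const uint8_t *a, const uint8_t *b, size_t n,
                        size_t *bytes_examined)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *bytes_examined = i + 1;
            return 1;
        }
    }
    *bytes_examined = n;
    return 0;
}

/* Constant-time comparison: every byte is always visited, differences are
 * OR-accumulated, and the result is folded to 0/1 without a data-dependent
 * branch. (diff | -diff) has its top bit set exactly when diff != 0. */
static int ct_memneq(const uint8_t *a, const uint8_t *b, size_t n,
                     size_t *bytes_examined)
{
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *bytes_examined = n;
    return (int)((diff | (uint8_t)-diff) >> 7);
}

/* Convenience wrappers returning only the work done, for the demo/test. */
size_t leaky_work(const uint8_t *a, const uint8_t *b, size_t n)
{
    size_t w;
    leaky_memneq(a, b, n, &w);
    return w;
}

size_t ct_work(const uint8_t *a, const uint8_t *b, size_t n)
{
    size_t w;
    ct_memneq(a, b, n, &w);
    return w;
}

/* The check a receiver should perform: 1 = MAC accepted, 0 = rejected. */
int mac_verify(const uint8_t *expected, const uint8_t *received, size_t n)
{
    size_t w;
    return ct_memneq(expected, received, n, &w) == 0;
}

int main(void)
{
    printf("leaky: first byte wrong -> %zu bytes examined, last byte wrong -> %zu\n",
           leaky_work(kExpectedMac, kGuessFirstByteWrong, MAC_LEN),
           leaky_work(kExpectedMac, kGuessLastByteWrong, MAC_LEN));
    printf("ct:    first byte wrong -> %zu bytes examined, last byte wrong -> %zu\n",
           ct_work(kExpectedMac, kGuessFirstByteWrong, MAC_LEN),
           ct_work(kExpectedMac, kGuessLastByteWrong, MAC_LEN));
    printf("genuine MAC accepted: %d, forged MAC accepted: %d\n",
           mac_verify(kExpectedMac, kExpectedMac, MAC_LEN),
           mac_verify(kExpectedMac, kGuessLastByteWrong, MAC_LEN));
    return 0;
}
```

The leaky variant examines 1 byte for the first guess and all 16 for the second, which is exactly the per-byte oracle a remote attacker measures to recover a MAC one byte at a time; the constant-time variant does identical work for both. The remaining caveat a practitioner should keep in mind is that this only holds if the compiler does not reintroduce a branch, which is why production code uses the platform's vetted helper rather than an open-coded loop.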
Security update for bind
This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
SUSE-SU-2025:4222-1 Security update for bind
This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380)...
bind security update
32:9.16.23-34.0.1.1 - Fix warning when changing device file permissions (Orabug: 36518580); 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG (CVE-2025-40780) - Replace downstream fixes with upstream changes - Address various spoofing attacks (CVE-2025-40778); 32:9.16.23-34 - Fix failures in idn...
Quantum Key Distribution: Bridging Theoretical Security Proofs, Practical Attacks, and Error Correction for Quantum-Augmented Networks
Quantum Key Distribution (QKD) is revolutionizing cryptography by promising information-theoretic security through the immutable laws of quantum mechanics. Yet, the challenge of transforming these idealized security models into practical, resilient systems remains a pressing issue, especially as...
Matrix Push C2 abuses browser notifications to deliver phishing and malware
Cybercriminals are using browser push notifications to deliver malware and phishing attacks. Researchers at BlackFog described how a new command-and-control platform, called Matrix Push C2, uses browser push notifications to reach potential victims. When we warned back in 2019 that browser push...
Aggregated Rate Limiting Defends Against Large-Scale and DDoS Attacks
Discover how Akamai’s new aggregated rate limiting strengthens defenses against large-scale, distributed DDoS attacks, and API abuse with smarter detection...
To buy or not to buy: How cybercriminals capitalize on Black Friday
The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040. At Kaspersky, we track how this surge in...
CVE-2025-13589
FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks...
CVE-2025-13589
CVE-2025-13589 affects the FMS product from Otsuka Information Technology. The vulnerability is a Reflected Cross-site Scripting (XSS) flaw that lets unauthenticated remote attackers execute arbitrary JavaScript in a user’s browser, typically through phishing-style vectors. The descriptions acros...
CVE-2025-13589 Otsuka Information Technology|FMS - Reflected Cross-site Scripting
FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks...
Prompt Fencing: A Cryptographic Approach to Establishing Security Boundaries in Large Language Model Prompts
Large Language Models (LLMs) remain vulnerable to prompt injection attacks, representing the most significant security threat in production deployments. We present Prompt Fencing, a novel architectural approach that applies cryptographic authentication and data architecture principles to establish...