38300 matches found

Wiz blog
added 2026/03/30 11:54 p.m. | 4 views

Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild

How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments...

AI score: 5.9
Exploits: 0
Packet Storm News
added 2026/03/30 12:00 a.m. | 5 views

Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities: Resource Estimates and Mitigations

This whitepaper seeks to elucidate implications that the capabilities of developing quantum architectures have on blockchain vulnerabilities and mitigation strategies. First, we provide new resource estimates for breaking the 256-bit Elliptic Curve Discrete Logarithm Problem, the core of modern...

AI score: 6
Exploits: 0
Github Security Blog
added 2026/03/29 3:20 p.m. | 7 views

mpp has multiple payment bypass and griefing vulnerabilities

Impact: Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including:

- Performing free tempo/charge requests
- Replaying existing tempo/charge requests
- Performing free tempo/session requests
- Piggybacking off existing tempo/session channels
- Griefing existing...

AI score: 5.9
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/29 3:20 p.m. | 1 view

GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities

Impact: Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including:

- Performing free tempo/charge requests
- Replaying existing tempo/charge requests
- Performing free tempo/session requests
- Piggybacking off existing tempo/session channels
- Griefing existing...

CVSS: 9.3 | AI score: 5.9
Exploits: 0 | References: 3
Packet Storm News
added 2026/03/29 12:00 a.m. | 0 views

A Systematic Taxonomy of Security Vulnerabilities in the OpenClaw AI Agent Framework

AI agent frameworks connecting large language model (LLM) reasoning to host execution surfaces--shell, filesystem, containers, and messaging--introduce security challenges structurally distinct from conventional software. We present a systematic taxonomy of 190 advisories filed against OpenClaw, an...

AI score: 6.5
Exploits: 0
Positive Technologies
added 2026/03/29 12:00 a.m. | 2 views

PT-2026-28750

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33. Description: A security issue exists in Belkin F9K1122 1.00.33. The issue involves a stack-based buffer overflow in the formCrossBandSwitch function located in the /goform/formCrossBandSwitch file within the...

CVSS: 9 | AI score: 6.2 | EPSS: 0.00125
Exploits: 1 | References: 9
Packet Storm News
added 2026/03/29 12:00 a.m. | 1 view

Secure Reinforcement Learning: On Model-Free Detection of Man in the Middle Attacks

We consider the problem of learning-based man-in-the-middle (MITM) attacks in cyber-physical systems (CPS), and extend our previously proposed Bellman Deviation Detection (BDD) framework for model-free reinforcement learning (RL). We refine the standard MDP attack model by allowing the reward function to...

AI score: 5.9
Exploits: 0
Tenable Nessus
added 2026/03/28 12:00 a.m. | 3 views

SUSE SLES15 / openSUSE 15 Security Update : kea (SUSE-SU-2026:1091-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1091-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00055
Exploits: 0 | References: 8
GithubExploit
added 2026/03/27 8:39 p.m. | 146 views

JesterSploit

JesterSploit – Advanced WiFi Penetration Testing Framework !...

AI score: 6
Exploits: 0
OSV
added 2026/03/27 8:31 p.m. | 1 view

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00069
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/27 8:31 p.m. | 2 views

CVE-2026-33879

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00069
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/27 8:31 p.m. | 0 views

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00069
Exploits: 0 | References: 1
Microsoft Secure
added 2026/03/27 7:53 p.m. | 6 views

How Microsoft Defender protects high-value assets in real-world attack scenarios

High-value assets including domain controllers, web servers, and identity infrastructure are frequent...

AI score: 6.4
Exploits: 0
RedhatCVE
added 2026/03/27 5:09 p.m. | 1 view

CVE-2026-3109

Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...

CVSS: 2.2 | AI score: 5.9 | EPSS: 0.00016
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/27 5:09 p.m. | 3 views

CVE-2025-55272

HCL Aftermarket DPC is affected by a Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details, which would allow them to craft software-specific attacks...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00013
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/27 5:09 p.m. | 2 views

CVE-2025-55265

HCL Aftermarket DPC is affected by File Discovery, which an attacker could exploit to read sensitive files present in the system and may use to craft further attacks...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00016
Exploits: 0 | References: 1
Akamai Blog
added 2026/03/27 1:00 p.m. | 4 views

The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks

...

AI score: 5.8
Exploits: 0
Akamai Blog
added 2026/03/27 1:00 p.m. | 5 views

The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks

...

AI score: 5.8
Exploits: 0
OSV
added 2026/03/27 9:16 a.m. | 5 views

ALPINE-CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0009
Exploits: 0 | References: 1
Snyk
added 2026/03/27 1:23 a.m. | 1 view

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00005
Exploits: 0 | References: 3