
5 matches found

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-5567

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.6 | EPSS 0.00337
Exploits: 0 | References: 8

Spring Engineering
added 2025/05/19 12:00 a.m. | 27 views

MCP Authorization in practice with Spring AI and OAuth2

Last month, we explored how to secure Spring AI MCP Servers with the OAuth2 authorization framework. In the conclusion of that article, we mentioned we'd explore using standalone Authorization Servers for MCP Security and deviate from the then-current specification. Since we published the articl...

AI score 7
Exploits: 0

CVE
added 2025/03/03 12:00 a.m. | 80 views

CVE-2025-27371

Technical details for CVE-2025-27371 are not publicly available in the provided documents. The materials do not specify affected products, versions, impact, or remediation. Monitor for updates.

CVSS 6.9 | AI score 6.8 | EPSS 0.00337
Exploits: 0 | References: 5

Cvelist
added 2025/03/03 12:00 a.m. | 9 views

CVE-2025-27371

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 910...

CVSS 6.9 | EPSS 0.00337
Exploits: 0 | References: 5

Rapid7 Blog
added 2023/12/14 6:25 p.m. | 3 views

NIST SP 800-53 Rev. 5 Updates: What You Need to Know About The Most Recent Patch Release (5.1.1)

On November 7th, the National Institute of Standards and Technology (NIST) issued an update to SP 800-53, a NIST-curated catalog of controls that organizations can implement to effectively manage security and privacy risk. In this blog we’ll cover the new and updated controls within patch release...

AI score 6.6
Exploits: 0