460 matches found
Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick
US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools...
Meta’s face-recognition code raises new concerns about smart glasses
Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...
Bill to Create Independent US Cyber Force Wants to Place It Under the US Army
It looks like we're finally making progress towards an independent US Cyber Force: https://www.csis.org/programs/strategic-technologies-program/projects/commission-us-cyber-force-generation However, this bill by Sen Gillibrand to put it under the Army isn't the best idea...
Poking around in the Dark: Why a Shared Understanding of Components Matters
By listing the components included in an application, Software Bills of Materials (SBOMs) are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...
S3C2 Summit 2025-07: Government Secure Supply Chain Summit
Software supply chains, while providing immense economic and software development value, are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks specifically targeting vulnerable links in critical software supply chains. The...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: gomplate, tfsec, kyverno, rancher-fleet, crossplane, k9s, osv-scanner, guac, gitea, flux-source-controller, argo-cd, witness, wolfictl, nuclei, steampipe, kargo, apko, pulumi-kubernetes-operator, pulumi-language-dotnet, argocd-image-updater, gptscript, argo-events,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: falcoctl, docker, kyverno, crossplane, neuvector-sigstore-interface, guac, vexctl, ratify, policy-controller, flux-source-controller, docker-cli-buildx, dagger, ko, tflint, skaffold, spire-server, buildkitd, docker-compose, goreleaser, rekor, tekton-chains, kubescape...
The Latest Push to Extend Key US Spy Powers Is Still a Mess
A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors...
[SECURITY] Fedora 43 Update: trivy-0.69.3-1.fc43
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more...
Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs
Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials (SBOM)-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...
Architectural Implications of the UK Cyber Security and Resilience Bill
The UK Cyber Security and Resilience (CS&R) Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems (NIS) Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: gomplate, tfsec, kyverno, rancher-fleet, crossplane, k9s, osv-scanner, guac, gitea, flux-source-controller, argo-cd, witness, wolfictl, nuclei, steampipe, kargo, apko, pulumi-kubernetes-operator, pulumi-language-dotnet, argocd-image-updater, gptscript, argo-events,...
spdx-sboms
No d...
sboms
No d...
CVE-2026-33481
A flaw was found in Syft, a tool for generating Software Bill of Materials (SBOM). When Syft scans large or highly compressed archives, it unpacks them into temporary storage. If this process exhausts the temporary storage, Syft fails to properly clean up these files. This can lead to the temporary...
OpenEMR security vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...
aicerberus
AICerberus 🐺 AI supply chain security scanner — one comma...
US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access
A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
SBOM CVE Scanner - Enhanced Edition A comprehensive Python to...
itsourcecode Vehicle Management System SQL injection vulnerability
itsourcecode Vehicle Management System is an open-source vehicle management system developed by itsourcecode. Version 1.0 of the itsourcecode Vehicle Management System has a SQL injection vulnerability. This vulnerability arises from the handling of parameter IDs in the /billaction.php file, whic...