15 matches found
Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
Every engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how software gets built...
Stored Cross-Site Scripting (XSS)
com.liferay, com.liferay.change.tracking.service is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input in the notifications widget’s “Name” text field, which allows an attacker to inject arbitrary web scripts or HTML into a...
Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the comliferaychangetrackingwebportletPublicationsPortletvalue parameter. An attacker can access and modify publication comments by sending crafted URLs as an authenticated user. Remediation Upgrade...
PT-2025-41793
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.1 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.5 Description An insecure direct object reference (IDOR) exists in the Publications feature. This allows remotely authenticated attackers to view the...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the comment's add/edit endpoints. An attacker can perform unauthorized actions on behalf of authenticated users by tricking them into submitting malicious requests. Remediation Upgrade...
Hyper-V Resilient Change Tracking Performance Issues
Challenge General Hyper-V OS performance degradation can occur when using a backup solution to export Hyper-V VM snapshots during backup operations. Solution Based on investigations between Veeam and Microsoft, two underlying causes have been identified. Resilient Change Tracking Resilient Change...
Guidance: Assembling a Group of Products for SBOM
Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...
Update Rollup 4 for System Center 2019 Data Protection Manager
Update Rollup 4 for System Center 2019 Data Protection Manager Applies to : System Center 2019 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 4 for Microsoft System Center Data Protection Manager 2019. This article also contains the...
Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138) Exploit
Exploit for windows platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=914 Windows: VHDMP Arbitrary File Creation EoP Platform: Windows 10 10586 and 14393. Unlikely to work on 7 or 8.1 as I think it’s new functionality Class: Elevation of...
Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138)
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=914 Windows: VHDMP Arbitrary File Creation EoP Platform: Windows 10 10586 and 14393. Unlikely to work on 7 or 8.1 as I think it’s new functionality Class: Elevation of Privilege Summary: The VHDMP driver doesn’t safely create fil...
Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138)
Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138) / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=914 Windows: VHDMP Arbitrary File Creation EoP Platform: Windows 10 10586 and 14393. Unlikely to work on 7 or 8.1 as I think it’s new functionality...
krb5 security, bug fix, and enhancement update
1.14.1-26 - Use responder in non-preauth AS reqs - Resolves: 1363690 1.14.1-25 - Fix bad debuglog call in selinux handling - Resolves: 1292153 1.14.1-24 - Fix KKDCPP with TLS SNI by always presenting 'Host:' header - Resolves: 1364993 1.14.1-23 - Add dependency on libkadm5 to krb5-devel - Resolve...
Veeam Management Pack 8.0 for System Center Update 1 Release Notes
Challenge Release Notes for Veeam Management Pack 8.0 for System Center Update 1. Cause Please confirm you are running Veeam Management Pack 8.0 prior to installing this update. You can check this in Operations Manager console under Administration | Management Packs, the build number should be...
Hyper-V Changed Block Tracking Troubleshooting
Challenge Backup and/or Replication jobs report that changed block tracking is not working properly. Article Applicability This article is only relevant when Veeam Backup & Replication is used with the following Hyper-V versions. In these older versions of Hyper-V there was no native CBT function...