179 matches found
CVE-2026-40851
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on a USB stick, leading to code execution. This can result in a total loss of confidentiality, integrity and availability...
CVE-2025-1680
CVE-2025-1680 affects Moxa Ethernet switches. Description: an acceptance of extraneous untrusted data with trusted data vulnerability enables an administrator to inject crafted Host headers into HTTP requests to the device web service, classed as Host Header Injection. Root cause: improper handli...
CVE-2025-57761
WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependenteremover.php endpoint, specifically in the idfuncionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...
Linux Distros Unpatched Vulnerability : CVE-2021-3752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a rac...
The Person in Charge of Testing Tech for US Spies Has Resigned
IARPA director Rick Muller is departing after just over a year at the R&D unit that invests in emerging technologies of potential interest to agencies like the NSA and the CIA, WIRED has learned...
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious...
On the Security Risks of ML-Based Malware Detection Systems: a Survey
Malware presents a persistent threat to user privacy and data integrity. To combat this, machine learning-based (ML-based) malware detection (MD) systems have been developed. However, these systems have increasingly been attacked in recent years, undermining their effectiveness in practice. While the...
Web 3.0 Requires Data Integrity
If you've ever taken a computer security class, you've probably learned about the three legs of computer security--confidentiality, integrity, and availability--known as the CIA triad. When we talk about a system being secure, that's what we're referring to. All are important, but to different...
com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +158 more potentially affected by CVE-2025-27427 via org.apache.activemq:artemis-server (>=2.0.0 <=2.3.0)
org.apache.activemq:artemis-server MAVEN version =2.0.0, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27427 Source advisory: OSV:GHSA-3W85-5P9G-H334...
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
The phishing campaign is highly sophisticated!...
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, wa...
The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President
A successful CIA hack of Venezuela's military payroll system, insider fights for spy agency resources, and messy opposition politics: A WIRED investigation reveals a secret Trump-era attempt to oust autocratic ruler Nicolás Maduro...
GHSA-G8V9-C8M3-942V Remote code execution in php-heic-to-jpg
php-heic-to-jpg 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg below 1.0.5...
CVE-2024-48514
php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below...
CVE-2024-48514
CVE-2024-48514 affects php-heic-to-jpg
One More Tool Will Do It? Reflecting on the CrowdStrike Fallout
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach n...
Taylor Swift Concert Terror Plot Was Thwarted by Key CIA Tip
Plus: China-linked hackers infiltrate US internet providers, authorities crack down on a major piracy operation, and a ransomware gang claims attacks during the Paris Olympics...
Story of an Undercover CIA Agent who Penetrated Al Qaeda
Rolling Stone has a long investigative story (non-paywalled version here) about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the "real life spies" file: a fake Sudanese diving resort run by Mossad...
The Take Command Summit: A Stacked Agenda, and Killer Guest Speakers Coming Your Way May 21
By now you should have heard about Take Command, Rapid7’s day-long virtual summit on May 21 bringing together some of the best minds in the cybersecurity sphere for comprehensive discussions on the latest data, challenges, and opportunities in the industry. It’s an opportunity to expand your...
Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutel...