790 matches found
Agent Grant: From Identity Signals to Measurable Risk Reduction
Executive Summary Identity is now the 1 attack surface. Agent Grant in Qualys ETM Identity uses agentic AI to measure and reduce identity risk across AD, Entra, Okta & other cloud IdPs/IDaaS. It operationalizes identity risk by turning messy Active Directory & identity-risk signals into validated...
SUSE CVE-2025-65637
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
CVE-2023-54176
In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcpworker As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected state: connect // incoming reset + fastclose // the mptcp worker is...
PT-2025-54005
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc1-gde5e8fd0123c 11 Description The mptcp protocol could run a worker when the associated socket was in an unexpected state, specifically during a connect operation following an incoming reset and fastclos...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992694)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992694 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uaudio: don't let userspace block driver unbind In the unbind callback for fuac1 and...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992307)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992307 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uaudio: don't let userspace block driver unbind In the unbind callback for fuac1 and...
Goodbye, dark Telegram: Blocks are pushing the underground out
Telegram has won over users worldwide, and cybercriminals are no exception. While the average user chooses a messaging app based on convenience, user experience and stability and perhaps, cool stickers, cybercriminals evaluate platforms through a different lens. When it comes to anonymity, privac...
kernel: mptcp: do not queue data on closed subflows
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...
mptcp: do not queue data on closed subflows
...
EUVD-2025-106060
Malicious code in closedzebraz3n npm...
EUVD-2025-92721
Malicious code in closedmeerkatz3n npm...
EUVD-2025-92720
Malicious code in closedspoonbillz3n npm...
EUVD-2025-92722
Malicious code in closedcrocodilez3n npm...
EUVD-2025-74821
Malicious code in closedwildfowlolive-68 npm...
Malicious code in closed_lemming_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 944830a84d87df594bc9365214d49916d80a6751db75486a6e0846ac24e963f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-79628
Malicious code in closedchickadeez3n npm...
Malicious code in closed_mouse_dumbs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1e4321e29a74545e46906315c80e48af807d94dac0899a8b1e797f587d9dc54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-82485
Malicious code in closedmousedumbs npm...
EUVD-2025-64964
Malicious code in closedangelfishrequirement npm...