CVE-2025-47908 vulnerabilities
Vulnerabilities for packages: rekor, fulcio, prometheus-alertmanager, datadog-agent, cortex, timestamp-authority, grafana-mimir...
A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-Case Prototypes
Agentic AI marks an important transition from single-step generative models to systems capable of reasoning, planning, acting, and adapting over long-lasting tasks. By integrating memory, tool use, and iterative decision cycles, these systems enable continuous, autonomous workflows in real-world...
Cyber Threat Exposure Management: A 5-Step Guide
Attackers don’t care about your long list of CVEs. They look for the path of least resistance to your most valuable assets. So, why are we still managing security from a defender’s checklist instead of an attacker’s playbook? A modern security program needs to see the entire attack surface throug...
What Is Security Controls Validation? An Essential Guide
You wouldn’t wait for a real fire to find out if your smoke detectors work or if your team knows the evacuation route. You run fire drills. So why would you wait for a real cyberattack to test your security defenses? This is the simple, powerful idea behind security controls validation. It’s the...
golang-cicd-poc
Golang CI/CD POC Project: POC project for trying out different...
PT-2026-3780
Name of the Vulnerable Software and Affected Versions: Pyroscope versions prior to 1.15.2; Pyroscope versions prior to 1.16.1. Description: When configured to use Tencent Cloud Object Storage (COS) as the storage backend, the Pyroscope API may expose the secret key configuration value. An attacker with...
Bugs that survive the heat of continuous fuzzing
Even when a project has been intensively fuzzed for years, bugs can still survive. OSS-Fuzz is one of the most impactful security initiatives in open source. In collaboration with the OpenSSF Foundation, it has helped to find thousands of bugs in open-source software. Today, OSS-Fuzz fuzzes mor...
GHSA-38RV-8X93-PVRH
creationtimestamp | type | source
---|---|---
2025-12-29 21:01:14+00:00 | seen | https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/...
GHSA-38H4-FX85-QCX7
creationtimestamp | type | source
---|---|---
2025-12-29 21:01:14+00:00 | seen | https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/...
GHSA-496F-X7CQ-CQ39
creationtimestamp | type | source
---|---|---
2025-12-29 21:01:14+00:00 | seen | https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/...
GHSA-G9XM-7538-MQ8W
creationtimestamp | type | source
---|---|---
2025-12-29 21:01:14+00:00 | seen | https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/...
Agentic AI for Autonomous Defense in Software Supply Chain Security: Beyond Provenance to Vulnerability Mitigation
The software supply chain attacks are becoming more and more focused on trusted development and delivery procedures, so the conventional post-build integrity mechanisms cannot be used anymore. The available frameworks like SLSA, SBOM and in-toto are majorly used to offer provenance and traceabili...
Practical Quantum Teleportation with Finite-Energy Codebooks
Quantum communication exploits non-classical correlations to achieve efficient and unconditionally secure exchange of information. In particular, the quantum teleportation protocol allows for a deterministic and secure transfer of unknown quantum states by using pre-shared quantum entanglement an...
How BAS Improves Vulnerability Management (And Why)
A vulnerability without context is just a data point. A medium-severity flaw might seem like a low priority, but what if you knew it was being actively used in a new ransomware campaign targeting your industry? This is why threat intelligence is so crucial. The answer to how does BAS improve...
CVE-2025-14591
In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally...
DevOps and Cybersecurity: Building a New Line of Defense Against Digital Threats
Learn how DevOps and DevSecOps strengthen cybersecurity through automation, CI/CD, and secure DevOps development services...
PT-2025-52541
Name of the Vulnerable Software and Affected Versions: Delphix Continuous Compliance versions 2025.3.0 and above. Description: An issue exists due to incorrect handling of End-of-Record (EOR) characters in delimited files. Specifically, an incorrect EOR configuration can lead to inaccurate parsing,...
Your Guide to PCI DSS 4.0.1 Web Application and API Controls with a Simplified Path to Compliance
Executive Summary: PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managing payment page scripts to prevent skimming attacks (PCI 6.4.3). Organizations must also adopt risk-based...
Optimizing Epsilon Security Parameters in QKD
We investigate the optimization of epsilon-security parameters in quantum key distribution (QKD), aiming to improve the achievable secure key rate under a fixed overall composable security level. For this purpose, we employ a continuous genetic algorithm (CGA) to optimize the epsilon-security...