PT-2025-47837
Name of the Vulnerable Software and Affected Versions ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Description A security issue exists in ashraf-kabir travel-agency. The manipulation of the edit pack argument in the /admin area/index.php file leads to SQL...
UBUNTU-CVE-2025-9825
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...
CVE-2025-9825
GitLab CE/EE vulnerability CVE-2025-9825 affects versions 13.7–18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2. Root cause: an authorization (access-control) flaw in the GraphQL API could allow authenticated users without project membership to view sensitive manual CI/CD variables. The issue has been remediated in patc...
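The practical question for an operator is whether a given instance falls inside the three affected ranges quoted above. The following check is an added example, not code from GitLab or from the advisory; it encodes only the ranges stated in the two entries (13.7 through 18.2.8 inclusive, 18.3 before 18.3.4, 18.4 before 18.4.2) and assumes versions are reported as dotted numbers with an optional suffix such as `-ee`:

```python
# Affected ranges for CVE-2025-9825 as stated in the advisory text:
# (lower bound inclusive, upper bound, whether the upper bound is inclusive).
AFFECTED_RANGES = [
    ((13, 7, 0), (18, 2, 8), True),   # "all versions from 13.7 to 18.2.8"
    ((18, 3, 0), (18, 3, 4), False),  # "18.3 before 18.3.4"
    ((18, 4, 0), (18, 4, 2), False),  # "18.4 before 18.4.2"
]


def parse_version(text):
    """Turn '18.4.1-ee' or '18.3' into a comparable (major, minor, patch) tuple.

    The suffix handling is an assumption for illustration: anything after the
    first '-' is ignored, and missing components are treated as zero.
    """
    core = text.strip().split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    if len(parts) > 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts + (0,) * (3 - len(parts))


def is_affected(version):
    """True if the version lies in any affected range for CVE-2025-9825."""
    v = parse_version(version)
    for lower, upper, upper_inclusive in AFFECTED_RANGES:
        if lower <= v and (v <= upper if upper_inclusive else v < upper):
            return True
    return False


def triage(versions):
    """Map each reported version to its status for a fleet-wide sweep."""
    return {ver: ("affected" if is_affected(ver) else "not affected") for ver in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for ver, status in triage(["18.2.8-ee", "18.3.3", "18.3.4", "18.4.1", "18.4.2", "13.6.9"]).items():
        print(f"{ver:12} {status}")
```

Feed it the version string from each instance (for example the `version` field of the authenticated `GET /api/v4/version` endpoint) and upgrade anything reported as affected to a patched release in the 18.3 or 18.4 stream, since no fixed 18.2 release is named in the advisory.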
What is CTEM? Your Guide to Reducing Cyber Risk
Trying to explain security priorities to your board using CVSS scores is a tough sell. A long list of technical flaws doesn't translate to business impact, making it difficult to justify budgets and get buy-in for critical initiatives. Security leaders need a better way to frame the conversation...
What is Patch Management Automation and Why It Matters
Executive Summary Environments rarely stay as orderly as they begin. New workloads, faster releases, and growing attack surfaces stretch manual patching beyond its limits. The real risk emerges in the widening gap between spotting a vulnerability and fixing it. Automated patch management closes...
CVE-2025-13276
A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The...
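Both the travel-agency entry above (the edit pack argument) and this Online-Banking-System entry (the Username argument) describe the same defect class: a request parameter concatenated into a SQL string. The example below is added here and is not code from either project; it uses an in-memory SQLite table with constructed rows, and its column names and the `packs` table are assumptions, to show a string-typed and an integer-typed parameter being abused and the parameterized versions that close both holes:

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the applications' tables (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "customer"), ("admin", "hunter2", "admin")],
    )
    conn.execute("CREATE TABLE packs (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)")
    conn.executemany(
        "INSERT INTO packs (name, price) VALUES (?, ?)",
        [("Weekend in Rome", 499), ("Internal test pack", 0)],
    )
    return conn


# --- the pattern behind the advisories: request input pasted into the query ---

def login_vulnerable(conn, username, password):
    sql = f"SELECT username, role FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchall()


def get_pack_vulnerable(conn, pack_id):
    # Numeric parameters are not safe either: no quotes means no quote to escape.
    sql = f"SELECT name FROM packs WHERE id = {pack_id}"
    return conn.execute(sql).fetchall()


# --- the fix: bound parameters, and a type check for integer identifiers ---

def login_fixed(conn, username, password):
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def get_pack_fixed(conn, pack_id):
    pack_id = int(pack_id)  # raises ValueError on anything that is not a number
    return conn.execute("SELECT name FROM packs WHERE id = ?", (pack_id,)).fetchall()


USERNAME_PAYLOAD = "admin' -- "   # closes the string, comments out the password check
PACK_PAYLOAD = "1 OR 1=1"          # turns a single-row lookup into a full dump


def demo():
    conn = make_db()
    results = {
        "vuln_login": login_vulnerable(conn, USERNAME_PAYLOAD, "wrong-password"),
        "fixed_login": login_fixed(conn, USERNAME_PAYLOAD, "wrong-password"),
        "fixed_login_legit": login_fixed(conn, "alice", "s3cret"),
        "vuln_pack": get_pack_vulnerable(conn, PACK_PAYLOAD),
    }
    try:
        get_pack_fixed(conn, PACK_PAYLOAD)
        results["fixed_pack_rejected"] = False
    except ValueError:
        results["fixed_pack_rejected"] = True
    results["fixed_pack_legit"] = get_pack_fixed(conn, "1")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value}")
```

The vulnerable login returns the admin row for a wrong password because the comment sequence removes the password predicate; the vulnerable pack lookup returns every row. With bound parameters the same payloads are compared literally and match nothing.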
A Guide to Exposure Management Cybersecurity Best Practices
Attackers don't think in terms of CVE scores. They look for the path of least resistance, whether it's a forgotten server, a misconfigured cloud bucket, or an exposed API. While your team is busy prioritizing a long list of software flaws, a real threat could be exploiting a simple oversight that...
It's a Feature, Not a Bug: Secure and Auditable State Rollback for Confidential Cloud Applications
Replay and rollback attacks threaten cloud application integrity by reintroducing authentic yet stale data through an untrusted storage interface to compromise application decision-making. Prior security frameworks mitigate these attacks by enforcing forward-only state transitions state continuit...
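The abstract's baseline, "forward-only state transitions" (state continuity), is easiest to see with the failure it targets: storage hands back a blob that verifies as authentic but is older than the state the application last committed. The example below is added here and is not the paper's own mechanism (the snippet ends before the paper's proposal); it shows only that baseline check, with an HMAC standing in for sealing, a constructed key, and an in-memory counter standing in for the trusted monotonic counter the scheme assumes:

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would use a sealing key derived inside
# the TEE rather than a constant (assumption for illustration).
SEAL_KEY = b"constructed-demo-sealing-key"


def seal(state, counter):
    """Bind the state to a version counter and authenticate both together."""
    body = json.dumps({"state": state, "counter": counter}, sort_keys=True).encode()
    tag = hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ForwardOnlyApp:
    """Application side of a state-continuity scheme.

    It trusts only its own monotonic counter (in memory here; assumed to live in
    a hardware counter or other trusted store in practice) and refuses any
    sealed state whose counter is behind it, however valid the tag is.
    """

    def __init__(self):
        self.last_counter = 0
        self.state = None

    def save(self, state):
        self.last_counter += 1
        self.state = state
        return seal(state, self.last_counter)

    def load(self, blob):
        expected = hmac.new(SEAL_KEY, blob["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise ValueError("tampered: authentication tag mismatch")
        record = json.loads(blob["body"])
        if record["counter"] < self.last_counter:
            raise ValueError(f"rollback: counter {record['counter']} < {self.last_counter}")
        self.last_counter = record["counter"]
        self.state = record["state"]
        return self.state


def demo():
    app = ForwardOnlyApp()
    untrusted_storage = []                                  # what the cloud provider holds
    untrusted_storage.append(app.save({"balance": 100}))   # version 1
    untrusted_storage.append(app.save({"balance": 40}))    # version 2, after a withdrawal

    results = {"current_ok": app.load(untrusted_storage[1])["balance"]}

    # Replay: storage returns version 1. The tag verifies, but the counter is stale.
    try:
        app.load(untrusted_storage[0])
        results["replay_rejected"] = False
    except ValueError as err:
        results["replay_rejected"] = str(err).startswith("rollback")

    # Forgery: the balance is edited in place, so the tag no longer matches.
    forged = dict(untrusted_storage[1])
    forged["body"] = forged["body"].replace(b"40", b"4000")
    try:
        app.load(forged)
        results["tampered_rejected"] = False
    except ValueError as err:
        results["tampered_rejected"] = str(err).startswith("tampered")
    return results


if __name__ == "__main__":
    print(demo())
```

Authentication alone cannot distinguish the replayed blob from the current one, which is why the counter comparison, backed by a counter the storage cannot rewind, is the part that actually stops the rollback.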
7 Steps for Securing Generative AI in Enterprises
Think of your AI strategy like building a skyscraper. You wouldn't construct twenty floors and then try to figure out where the foundation should go. Security must be part of the blueprint from the very beginning. Bolting on security measures after an AI model is already in use is a recipe for...
Multi-Agent Collaborative Fuzzing with Continuous Reflection for Smart Contracts Vulnerability Detection
Fuzzing is a widely used technique for detecting vulnerabilities in smart contracts, which generates transaction sequences to explore the execution paths of smart contracts. However, existing fuzzers are falling short in detecting sophisticated vulnerabilities that require specific attack...
6 Actionable Vulnerability Management Best Practices
Every unpatched vulnerability is more than just a technical flaw; it's a direct business risk. These security gaps are the entry points for breaches that lead to devastating financial losses, operational downtime, and long-term damage to your brand's reputation. When viewed through this lens,...
6 Best CTEM Vendors: A Head-to-Head Comparison
Your team just ran a vulnerability scan and now you’re staring at a list of thousands of CVEs. The big question is, what do you fix first? Relying on CVSS scores alone doesn’t tell you which of these vulnerabilities are actually exploitable in your environment or which ones protect your most...
BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
New York, New York, 13th November 2025, CyberNewsWire...
Malicious code in prosthetics-commitlint-astrobiology-io (npm)
Source: amazon-inspector cbfb4f7c503130fe491771b7258e74f8a9cad2cc0d49ebd7fa62fc8813bece12. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188916 Malicious code in proxima-nightmare-postgres-seismology (npm)
Source: amazon-inspector 9dddb55344319b54c55a9c4fc70b867ff693278f587db1ce1fafcb3b61df7e51. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187928 Malicious code in markdown-nconf-string-xerxes (npm)
Source: amazon-inspector 8074d92510a28e3e6b1da7ca41610927761684bad1dbfcb169033072bdcd11ec. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185353 Malicious code in abiogenesis-airbnb-supernova-rollup (npm)
Source: amazon-inspector 3b35d79dea66f1fdc77e0451d307bacb1912c7849f9e4094598cb136d4337f33. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188233 Malicious code in neptune-venus-foundation-hyperion (npm)
Source: amazon-inspector ee152f2d4396ca7e5f7e1a9e8af596f9095773d1fab65f76596fd3bf58c29f61. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in biotechnology-corvus-phoebe-inquirer (npm)
Source: amazon-inspector 2c7d89363aa906934aa21323a9e5cbbcbac669a622cb76d058c5bc4794c9529f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cloud-class-stack-xml-runtime (npm)
Source: amazon-inspector 233273838b0bc9fcd5abb46cd15a57798f84aacac1be400324b3c6b7173ae244. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...