940591 matches found
CVE-2026-56690
creationtimestamp| type| source ---|---|--- 2026-07-10 12:32:05+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqc5qu5luq2o 2026-07-10 12:53:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc6wpo2tm2i 2026-07-10 16:49:16+00:00| seen|...
[SECURITY] Fedora 44 Update: python-pendulum-3.2.0-1.fc44
Unlike other datetime libraries for Python, Pendulum is a drop-in replacement for the standard datetime class it inherits from it, so, basically, you can replace all your datetime instances by DateTime instances in you code. It also removes the notion of naive datetimes: each Pendulum instance is...
CVE-2026-11541
creationtimestamp| type| source ---|---|--- 2026-06-30 22:41:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpk34s2k5x2u 2026-07-01 02:51:56+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mpkj56ehry2l 2026-07-02 01:31:56+00:00| seen|...
CVE-2026-13487
creationtimestamp| type| source ---|---|--- 2026-06-28 13:22:36+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mpe2y3obci2v 2026-06-28 14:35:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpe72l5y2323 2026-06-29 19:46:18+00:00| seen|...
JLSEC-2026-617 Open redirect in the HTTP.jl static file server canonical redirects
Description The static file server's canonical 301 redirects index-file strip, directory trailing-slash add, and file trailing-slash strip built the Location header verbatim from the un-normalized request target. Request-target validation only requires a leading /, has no CTL bytes, and the...
CVE-2026-9456
creationtimestamp| type| source ---|---|--- 2026-06-22 04:16:36+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3motzobguut2b...
MAL-2026-6151 Malicious code in buildautomation-touch (npm)
The npm package buildautomation-touch published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
MAL-2026-6161 Malicious code in flexbox-oauth-machinelearning (npm)
The npm package flexbox-oauth-machinelearning published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
MAL-2026-6181 Malicious code in virtualization-compression-collapse (npm)
The npm package virtualization-compression-collapse published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it...
MAL-2026-6162 Malicious code in font-picker-responsive (npm)
The npm package font-picker-responsive published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
CVE-2026-52718
creationtimestamp| type| source ---|---|--- 2026-06-15 21:02:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moe6n7ygzu2v...
GHSA-8HG8-63C5-GWMX
creationtimestamp| type| source ---|---|--- 2026-06-12 16:00:32+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mo44dsnzdc2y...
CVE-2026-49347
creationtimestamp| type| source ---|---|--- 2026-06-12 13:36:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo3ud4luzf2r...
CVE-2026-49218
creationtimestamp| type| source ---|---|--- 2026-06-11 00:59:56+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxzkh72te2n 2026-06-11 02:10:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mny5i4wo5u2v...
Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities...
AI Model Extraction Attacks: Bypassing Single-Client Assumptions in Defenses
Ensuring the protection of Artificial Intelligence AI models deployed in military Command and Control C2 systems and critical infrastructure is essential for maintaining information superiority. Model Extraction Attacks MEAs pose a significant threat, as they enable adversaries to replicate...
Vulnerability Disclosure in the Age of AI
New article: "Responsible Disclosure in the Age of AI: A Call for Urgent Action," by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitab...
CVE-2026-10168
creationtimestamp| type| source ---|---|--- 2026-05-31 09:13:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn57yvfu272p...
CVE-2026-4387
StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...
CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file
StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...