EUVD-2022-2643

Malicious code in bioql PyPI...

Microsoft named a Leader in the IDC MarketScape for XDR

When cybersecurity stakes are high and complexity is the norm, Microsoft doesn’t just participate, it excels with Microsoft Defender XDR—built to anticipate, disrupt, and outpace modern cyberthreats. We are excited to announce that Microsoft has been named a Leader in the IDC MarketScape: Worldwi...

WestJet Confirms Passenger IDs and Passports Stolen in Cyberattack

WestJet confirms a data breach starting June 13, 2025, stole passport/ID and personal data. Credit cards and passwords are safe. The airline offers 24 months of free identity monitoring, including $1M insurance...

Intelligent Graybox Fuzzing Via ATPG-Guided Seed Generation and Submodule Analysis

Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize coverage and speed up verification. Coverage-Guided Fuzzing CGF...

xss-security-scanner

XSS Security Scanner A professional web-based XSS vulnerabili...

Agentic Discovery and Validation of Android App Vulnerabilities

Existing Android vulnerability detection tools overwhelm teams with thousands of low-signal warnings yet uncover few true positives. Analysts spend days triaging these results, creating a bottleneck in the security pipeline. Meanwhile, genuinely exploitable vulnerabilities often slip through,...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-7711-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7711-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

CVE-2025-43769

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote attackers to execute arbitrary web script or HTML via...

MultiFuzz: a Dense Retrieval-Based Multi-Agent System for Network Protocol Fuzzing

Traditional protocol fuzzing techniques, such as those employed by AFL-based systems, often lack effectiveness due to a limited semantic understanding of complex protocol grammars and rigid seed mutation strategies. Recent works, such as ChatAFL, have integrated Large Language Models LLMs to guid...

CVE-2025-55286

z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing MSAA method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing SSAA method. Under certa...

CVE-2025-55286

z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing MSAA method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing SSAA method. Under certa...

CVE-2025-55286 z2d OOB drawing with new multi-sample anti-aliasing could lead to invalid memory access and corruption

z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing MSAA method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing SSAA method. Under certa...

CVE-2025-55286 z2d OOB drawing with new multi-sample anti-aliasing could lead to invalid memory access and corruption

z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing MSAA method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing SSAA method. Under certa...

Malicious code in dd-test-coverage-sandbox (npm)

The package dd-test-coverage-sandbox was found to contain malicious code...

Malicious code in php-code-coverage (npm)

The package php-code-coverage was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-29178 Malicious code in php-code-coverage (npm)

The package php-code-coverage was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-18112 Malicious code in dd-test-coverage-sandbox (npm)

The package dd-test-coverage-sandbox was found to contain malicious code...

What happened in Vegas (that you actually want to know about)

Welcome to this week's edition of the Threat Source newsletter. Last week I flew 5,000 miles to Las Vegas for Black Hat USA. After navigating the casino carpet labyrinth and finding the only venue in Nevada that serves a proper English breakfast tea with milk lifesaver, I've decided Black Hat fee...

AI SOC 101: Key Capabilities Security Leaders Need to Know

Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stake...

CVE-2025-53766

creationtimestamp| type| source ---|---|--- 2025-08-12 16:01:32+00:00| seen| https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review 2025-08-12 20:14:41+00:00| seen| https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/ 2025-08-12 20:19:28+00:00|...