48 matches found
EUVD-2021-31375
Malicious code in bioql PyPI...
How Google, Adidas, and more were breached in a Salesforce scam
At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that required little technical finesse—making a phone call. By disguising themselves as IT support personnel on the phone, hacker...
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud aka Salesforce Industries, exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration...
openSUSE Security Advisory (SUSE-SU-2025:01701-1)
The remote host is missing an update for the...
CVE-2020-35808
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66...
CVE-2019-14050
An out-of-bounds write occurs due to a missing buffer size check, which causes a buffer overflow only on 32-bit architectures, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and...
CVE-2025-37907
No description is available for this CVE...
CVE Program Almost Unfunded
Mitre's CVE program--which provides common naming and other informational resources about cybersecurity vulnerabilities--was about to be cancelled, as the US Department of Homeland Security failed to renew the contract. It was funded for eleven more months at the last minute. This is a big deal...
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to...
CVE-2025-26671
creationtimestamp| type| source
---|---|---
2025-04-08 16:14:25+00:00| seen| https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review
2025-04-08 19:48:36+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114304071467930594
2025-04-08 20:07:38+00:00| seen|...
CVE-2025-22457
creationtimestamp| type| source
---|---|---
2025-04-03 14:22:18+00:00| seen| https://bsky.app/profile/rcinghio.bsky.social/post/3llw3znpsvc2d
2025-04-03 14:24:04+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus9/2025
2025-04-03 14:38:36+00:00| seen|...
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world...
Steps to TruRisk™ – 1: Shift to Priority-Driven Strategies
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” — Sun Tzu Security and IT teams are drowning in alerts, scrambling to patch everything they can, yet breaches still happen. Not all vulnerabilities pose the same risk. While reducing totals may seem like...
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw CVE-2025-0289 is part of a set of five vulnerabilities that was discovered by Microsoft,...
Millions of stalkerware users exposed again
There are many reasons not to use stalkerware, but the risk of getting exposed yourself seems to be a recurring deterrent, according to a new investigation. As we have reported many times before, stalkerware-type apps are coded so badly that it’s possible to gain access to the back-end databases a...
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
In today's rapidly evolving digital landscape, weak identity security isn't just a flaw—it's a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without...
CVE-2025-25898
creationtimestamp| type| source
---|---|---
2025-02-13 16:17:25+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li33mfp3iq2a
2025-02-13 17:12:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4281
2025-02-13 18:50:37+00:00| seen|...
CVE-2025-1144
creationtimestamp| type| source
---|---|---
2025-02-11 03:26:03+00:00| seen| https://infosec.exchange/users/cve/statuses/113983118583973641
2025-02-11 04:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhusdstvrm2q
2025-02-11 04:48:27+00:00| seen|...
CVE-2025-21546
CVE-2025-21546 affects Oracle MySQL Server (Server: Privileges) with vulnerable ranges: 8.0.40 and prior, 8.4.3 and prior, and 9.1.0 and prior. The Nessus-based sources describe this as an easily exploitable, network-accessible vulnerability that can let a high-privileged attacker update, insert,...
CVE-2024-2462
creationtimestamp| type| source
---|---|---
2025-01-16 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-06
2025-03-04 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-05...