Spring Office Hours Podcast: S5E13 - Community Potluck
Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this Potluck episode, Dan and DaShaun open up the floor to the community, answering your questions on Spring Boot, Spring AI, Spring Security, and whatever else is on your mind. Potluck episodes are shaped...
USN-8049-1: Nova vulnerability
Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth credentials. One such package, named "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads...
CVE-2025-23895
Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS add-rss allows Stored XSS. This issue affects Add RSS: from n/a through = 1.5...
A Bootiful Podcast: Dan Vega on the fundamentals of software engineering
Hi, Spring fans! I'm so excited to chat with fellow Spring developer advocate Dan Vega about his new book, Fundamentals of Software Engineering...
Malicious code in mitali-dan-ujokuli (npm)
Source: amazon-inspector 0a014ebee66889b19c5a0043a42c832a6b11195ef74d96380ae84220c1ee5aa5. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183918 Malicious code in mitali-dan-ujokuluaia (npm)
Source: amazon-inspector bd418f93d91ee5bd14ee4e9a922937c05928bf21ffe4d2a9530bf34d76d1178e. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-183915 Malicious code in mitali-dan-ujokui (npm)
Source: amazon-inspector ff51f7960fa4264b5ea644beb41d4e8884ad25329bd72cdaa1c1bb436ea7e93b. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Sendmarc appoints Dan Levinson as Customer Success Director in North America
Wilmington, Delaware, 21st October 2025, CyberNewsWire...
EUVD-2008-4649
Malware in sbrugna...
EUVD-2008-1565
Malware in sbrugna...
EUVD-2006-5167
Malware in sbrugna...
EUVD-2006-6020
Malware in sbrugna...
EUVD-2025-4211
Malicious code in bioql PyPI...
EUVD-2025-3513
Malicious code in bioql PyPI...
EUVD-2023-56217
Malicious code in bioql PyPI...
CVE-2023-46615
Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7...
CVE-2025-24640
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS. This issue affects Empty Tags Remover: from n/a through <= 1.0...
CVE-2025-24640 WordPress Empty Tags Remover Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS. This issue affects Empty Tags Remover: from n/a through <= 1.0...
RHEL 6 : openstack-glance (RHSA-2013:0209)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0209 advisory. These packages provide a service code name Glance that acts as a registry for virtual machine images. It was found that when the OpenStack Glance...