CVE-2025-27460
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker ca...
PT-2025-27789 · Microsoft · Bitlocker +1
Name of the Vulnerable Software and Affected Versions: Windows, affected versions not specified. Description: The issue concerns the lack of full volume encryption on device hard drives, such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating...
The vulnerability of the cet.c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the cet.c component in the Linux operating system’s kernel is related to the lack of data security mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-6521 TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm
During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which...
CVE-2025-52893 OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. Th...
Technical Evaluation of a Disruptive Approach in Homomorphic AI
We present a technical evaluation of a new, disruptive cryptographic approach to data security, known as HbHAI (Hash-based Homomorphic Artificial Intelligence). HbHAI is based on a novel class of key-dependent hash functions that naturally preserve most similarity properties, most AI algorithms rel...
Optimizing System Latency for Blockchain-Encrypted Edge Computing in Internet of Vehicles
As Internet of Vehicles (IoV) technology continues to advance, edge computing has become an important tool for assisting vehicles in handling complex tasks. However, the process of offloading tasks to edge servers may expose vehicles to malicious external attacks, resulting in information loss or...
Security Bulletin: IBM Guardium Data Protection is affected by kernel vulnerabilities
Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2024-43866. DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in shutdown callback. There is no point in recovery during...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary: IBM Guardium Data Security Center has addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2025-29927. DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary: IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details: CVEID: CVE-2024-51744. DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where use...
Data Breach Reporting for regulatory requirements with Microsoft Data Security Investigations
Seventy-four percent of organizations surveyed experienced at least one data security incident with their business data exposed in the previous year as reported in Microsoft’s Data Security Index: Trends, insights, and strategies to secure data report. Despite the best people, process and...
CVE-2025-49452 WordPress PostaPanduri <= 2.1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3...
The vulnerability of the IBM Watson Query on Cloud Pak for Data software lies in the insecure management of privileges, allowing an attacker to gain unauthorized access to protected information.
The vulnerability of IBM Watson Query on Cloud Pak for Data relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something's wrong. This week's stories aren't just about what was attacked—but how...
TencentOS Server 4: python-urllib3 (TSSA-2025:0061)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0061 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
MAL-2025-4940 Malicious code in puppeteer-proxy-http (npm)
Source: ghsa-malware (f40925e51ac8a3b8f89bbd8ab3a8f34b05e948007dc3b79a88a115191fbee417). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SALAD: Systematic Assessment of Machine Unlearning on LLM-Aided Hardware Design
Large Language Models (LLMs) offer transformative capabilities for hardware design automation, particularly in Verilog code generation. However, they also pose significant data security challenges, including Verilog evaluation data contamination, intellectual property (IP) design leakage, and the ris...
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration...
CVE-2025-47167
Microsoft Office remote/local code execution vulnerability CVE-2025-47167 arises from an incompatible type (type confusion) when accessing resources, allowing an unauthenticated or authenticated attacker to execute code with the user’s context. Affected products span Office suite components (Word...
Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Impact: The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive...