The Database Kill Chain

Cyber Threat Modeling Frameworks Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modelin...

72% of people are worried their data is being misused by the government, and that’s not all…

Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers. That’s the latest from Malwarebytes research conducted this month, which revealed that the vast majority of people are...

MAL-2025-3179 Malicious code in bitcore-message-zen (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a0777f44eab903be6813ba2ee9c115eb559b4cad5e561e95dc8ead1f488aeee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AlmaLinux 9 : webkit2gtk3 (ALSA-2025:3713)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:3713 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate...

CVE-2025-27732

Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

CVE-2025-30450

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access sensitive user data...

CVE-2025-30463

The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVE-2025-3082 User may override a view's collation and gain unauthorized access to underlying data

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

User may override a view's collation and gain unauthorized access to underlying data

A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...

CVE-2025-24239

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-24263

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data...

CVE-2025-24198

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive user data...

CVE-2025-30223

Beego (Go framework) contains an XSS vulnerability in RenderForm() up to version 2.3.5, caused by improper HTML escaping of user-controlled data. This allows injection of attacker-controlled JavaScript in rendered forms, potentially enabling session hijacking, credential theft, or account takeove...

New innovations in Microsoft Purview for protected, AI-ready data

The Microsoft Fabric and Microsoft Purview teams are excited to be in Las Vegas from March 31 to April 2, 2025, for the second annual and highly anticipated Microsoft Fabric Community Conference. With more than 200 sessions, 13 focused tracks, 21 hands-on workshops, and two keynotes, attendees ca...

GoodAccess Installed (macOS)

Binary data goodaccessmacosinstalled.nbin...

PT-2025-13580 · Unknown · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Exam System version 1.0 Description: The issue is related to SQL Injection via the dash.php file. This allows for potential exploitation. Recommendations: For Sourcecodester Online Exam System version 1.0, consider...

PT-2025-13085 · Smackcoders · Smackcoders Lead Form Data Collection To Crm

Name of the Vulnerable Software and Affected Versions: smackcoders Lead Form Data Collection to CRM versions n/a through 3.0.1 Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command, which allows Blind S...

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation...

Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence GenAI...

Microsoft unveils Microsoft Security Copilot agents and new protections for AI

In this age of AI, securing AI and using it to boost security are crucial for every organization. At Microsoft, we are dedicated to helping organizations secure their future with our AI-first, end-to-end security platform. One year ago, we launched Microsoft Security Copilot to empower defenders ...