10 matches found
MAL-2026-4218 Malicious code in solidity-deploy-guard (npm)
A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...
Tyler Identity Local 安全漏洞
Tyler Identity Local is a government and public sector identity authentication and local identity management system developed by the American company Tyler. Tyler Identity Local has a security vulnerability, which stems from the use of documented default management credentials. Users do not need ...
Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models
On-device Vision-Language Models VLMs promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing e.g., AnyRes introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...
7 Steps for Securing Generative AI in Enterprises
Think of your AI strategy like building a skyscraper. You wouldn't construct twenty floors and then try to figure out where the foundation should go. Security must be part of the blueprint from the very beginning. Bolting on security measures after an AI model is already in use is a recipe for...
EUVD-2021-25568
Malware in sbrugna...
Citrix Endpoint Management (aka XenMobile Server) 10.16.0 Rolling Patch 5
Package name: xms10.16.0.10551.bin For: XenMobile Server 10.16.0 Deployment type: On-premises only Replaces: xms10.16.0.10427.bin, xms10.16.0.10318.bin, xms10.16.0.10205.bin, xms10.16.0.10108.bin Date: April 2025 Languages supported: English US Important notes about this update As a best practice...
SUSE CVE-2019-10182
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user...
Citrix Endpoint Management (aka XenMobile Server) 10.12.0 Rolling Patch 11
Package name: xms10.12.0.11103.bin For: XenMobile Server 10.12.0 Deployment type: On-premises only Replaces: xms10.12.0.11004.bin, xms10.12.0.10917.bin, xms10.12.0.10818.bin, xms10.12.0.10714.bin, xms10.12.0.10613.bin, xms10.12.0.10539.bin, xms10.12.0.10417.bin, xms10.12.0.10324.bin,...
CVE-2019-15507
Octopus Deploy exposes a vulnerability (CVE-2019-15507) affecting versions 2018.8.4 to 2019.7.6 where, if a web request proxy is configured and the user is authenticated, a deployment could cause the web proxy password to be logged in cleartext. The issue is fixed in 2019.7.7, with back-ports to ...
Should You Send Your Pen Test Report to the MSRC?
Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...