1523 matches found
EUVD-2025-7132
Malicious code in bioql PyPI...
A Bootiful Podcast: Dr. Kris De Volder on developer tooling for Spring developers and AI
Hi, Spring fans! In this installment we talk to Spring tooling legend Dr. Kris De Volder on tooling, AI, and so much more...
CVE-2025-7691 Privilege Defined With Unsafe Actions in GitLab
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name...
PocketVJ CP Security Vulnerability
PocketVJ CP is a control panel software by magdesign individual developers. A security vulnerability exists in PocketVJ CP version 3.9.1, which stems from a flaw in the submitsize.php component that could lead to the execution of arbitrary code...
Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer
Hackers are posing as Empire podcast hosts, tricking crypto influencers and developers with fake interview invites to deliver macOS AMOS Stealer malware...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition (EE) and GitLab Community...
PS5-IPV6-Kernel-Exploit
This is an experimental webkit-based kernel exploit for the PS5 on firmware versions = 4.51. The exploit establishes an arbitrary read / semi-arbitrary write primitive, but it cannot achieve code execution due to the hypervisor-enforced kernel write protection and Clang-based fine-grained Control...
Linux Distros Unpatched Vulnerability : CVE-2025-5819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed...
Linux Distros Unpatched Vulnerability : CVE-2023-2022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting...
PT-2025-34995
Name of the Vulnerable Software and Affected Versions: Savyour Affiliate Partner versions through 2.1.4 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in Savyour Affiliate Partner, which also allows Stored Cross-Site Scripting (XSS). Recommendations: Update Savyour Affiliate...
Developer verification: a promised lift for Android security
To reduce the number of harmful apps targeting Android users, Google has announced that certified Android devices will require all apps to be registered by verified developers in order to be installed. But this new measure is not just about malware that's found on the Google Play Store, its main...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates in f2fs that could lead to out-of-bounds access when devs.path length equals MAXPATHLEN...
[SECURITY] Fedora 41 Update: python3.6-3.6.15-49.fc41
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
BIT-GITLAB-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...
CVE-2025-5819
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...
MAL-2025-34584 Malicious code in taxjar-developers (npm)
The package taxjar-developers was found to contain malicious code...
Malicious code in taxjar-developers (npm)
The package taxjar-developers was found to contain malicious code...
GitLab 15.7 < 18.0.6 / 18.1 < 18.1.4 / 18.2 < 18.2.2 (CVE-2025-5819)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer acces...