8743 matches found

Positive Technologies
added 2025/02/25 12:0 a.m. · 8 views

PT-2025-7919 · Zoom · Zoom Workplace Sdks +1

Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps and SDKs affected versions not specified Description: The issue is related to a use after free condition in some Zoom Workplace Apps and SDKs, which may allow an authenticated user to conduct a denial of service via networ...

4.3 CVSS · 7 AI score · 0.0058 EPSS
Exploits 0 · References 4
Wired Threat Level
added 2025/02/24 4:54 p.m. · 7 views

TVs at HUD Played an AI-Generated Video of Donald Trump Kissing Elon Musk’s Feet

On Monday morning, TV sets at the headquarters of the Department of Housing and Urban Development played the seemingly AI-generated video on loop, along with the words “LONG LIVE THE REAL KING.”...

7.4 AI score
Exploits 0
Metasploit
added 2025/02/20 6:55 p.m. · 517 views

TFTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute a PPC64 payload from a TFTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/tftp/ppc64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show...

5.8 AI score
Exploits 0
HackRead
added 2025/02/19 3:1 p.m. · 2 views

INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech

Cary, North Carolina, 19th February 2025, CyberNewsWire...

7.3 AI score
Exploits 0
OSV
added 2025/02/17 12:0 a.m. · 16 views

ALSA-2025:1582 Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

6.8 CVSS · 5.9 AI score · 0.01282 EPSS
Exploits 0 · References 6
AlmaLinux
added 2025/02/17 12:0 a.m. · 10 views

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

6.8 CVSS · 6.7 AI score · 0.01282 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2025/02/14 12:0 a.m. · 8 views

The vulnerability of the JWT OmniAuth provider configuration on the software platform based on git, which allows a hacker to perform XSS attacks during collaborative code development on GitLab.

The vulnerability of the JWT OmniAuth provider configuration on the software platform based on Git, for collaborative code development on GitLab, is related to the exploitation of cross-site requests. Exploiting this vulnerability allows a malicious actor to carry out a Cross-Site Scripting XSS...

6.6 CVSS · 5.4 AI score · 0.00244 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/02/13 10:15 p.m. · 2 views

CVE-2025-20615

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...

6.6 CVSS · 5.8 AI score · 0.00223 EPSS
Exploits 0 · References 2
OSV
added 2025/02/13 8:34 p.m. · 10 views

RLSA-2025:0426 Moderate: java-21-openjdk security update for Rocky Linux 8.10, 9.4 and 9.5

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

4.8 CVSS · 5.3 AI score · 0.00971 EPSS
Exploits 0 · References 1
Wiz blog
added 2025/02/13 1:0 p.m. · 4 views

Dev and Sec: The Perfect Pair <3

Discover how this dynamic duo creates secure, agile environments – and how you can foster their romance in your organization...

7.2 AI score
Exploits 0
The Hacker News
added 2025/02/13 12:25 p.m. · 10 views

Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams

Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, "Opening the Fast Lane for Secur...

7.3 AI score
Exploits 0
OSSF Malicious Packages
added 2025/02/13 5:15 a.m. · 2 views

Malicious code in biconomy-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ccacc09681a6383aa261381df93b651a806293270c031081ae4af8f993652c7 Any computer that has this package install...

7 AI score
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/02/13 4:0 a.m. · 4 views

Malicious code in crypto-dev (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bed52b1811db7c40f9bfbc1e7e15add32d6e51e3ec04d0bf81faf038a5a1c88 Any computer that has this package install...

7 AI score
Exploits 0 · References 1
OSV
added 2025/02/13 12:0 a.m. · 9 views

ALSA-2025:1443 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

7.7 CVSS · 5.7 AI score · 0.01282 EPSS
Exploits 0 · References 8
Packet Storm News
added 2025/02/12 12:0 a.m. · 3 views

CISA: Eliminating Buffer Overflows

This Secure by Design Alert is part of an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle. This paper focuses on buffer overflows...

7.2 AI score
Exploits 0
CNNVD
added 2025/02/11 12:0 a.m. · 4 views

Siemens SIPROTEC 5 Security Vulnerability

Siemens SIPROTEC 5 is a multifunction relay from Siemens Germany. A security vulnerability exists in the Siemens SIPROTEC 5 that stems from the affected device not properly restricting access to the development shell through the physical interface. This could allow an unauthenticated attacker to...

7 CVSS · 7 AI score · 0.00288 EPSS
Exploits 0 · References 2
Github Security Blog
added 2025/02/10 5:48 p.m. · 2522 views

esbuild enables any website to send any requests to the development server and read the response

Summary esbuild allows any websites to send any request to the development server and read the response due to default CORS settings. Details esbuild sets Access-Control-Allow-Origin: header to all requests, including the SSE connection, which allows any websites to send any request to the...

6.8 AI score
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/02/10 12:0 a.m. · 4 views

PT-2025-6214 · Esbuild · Esbuild

Name of the Vulnerable Software and Affected Versions: esbuild affected versions not specified Description: The issue allows any website to send requests to the development server and read the response due to default CORS settings. This is because esbuild sets the Access-Control-Allow-Origin:...

5.3 CVSS · 6.7 AI score
Exploits 0 · References 4
RedhatCVE
added 2025/02/07 6:4 p.m. · 4 views

CVE-2025-22129

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, an...

4.3 CVSS · 6.8 AI score · 0.00307 EPSS
Exploits 1 · References 1
Fedora
added 2025/02/07 1:44 a.m. · 8 views

[SECURITY] Fedora 40 Update: FlightGear-2020.3.19-8.fc40

The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...

9.9 CVSS · 6.7 AI score · 0.00342 EPSS
Exploits 0