164 matches found
AlmaLinux 9 : thunderbird (ALSA-2025:14640)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:14640 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escape due ...
MAL-2025-11188 Malicious code in @zalastax/nolb-dod (npm)
The package @zalastax/nolb-dod was found to contain malicious code...
Strengthening DOD Cybersecurity: The Journey to Zero Trust by 2027
Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience
Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated, there is a growing recognition of the importance of measures that stop new attacks before...
U.S. Dept Of Defense: DoD workstation exposed to internet via TinyPilot KVM with no authentication
The DoD workstation was exposed to the internet via a TinyPilot KVM device without any authentication. The TinyPilot KVM device was connected to the workstation and allowed remote access to the system over the internet...
U.S. Dept Of Defense: IDOR : Modify other users demographic details
The IDOR vulnerability allowed a malicious user to modify other users' demographic details on the vulnerable domain www.█████████. The vulnerability was present in the /JOINOnline/Board/SubmitDoc endpoint, where the user ID parameter was not properly validated, allowing an attacker to update the...
Wiz for Gov is in process for DoD IL4 Authorization
We are excited to be ‘in-process’ for DoD IL4, continuing our commitment to helping the public sector secure everything they build and run in the cloud...
U.S. Dept Of Defense: XSS parameter: Username - █████████
The report describes a cross-site scripting (XSS) vulnerability in the username parameter of an application. The vulnerability was demonstrated using Burp Suite, where the attacker was able to inject malicious JavaScript code into the username field. No further details were provided about the...
Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents
By Waqas The documents were leaked on December 6th, 2023, on Breach Forums. This is a post from HackRead.com Read the original post: Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents...
U.S. Dept Of Defense: Automatic Admin Access
The automatic administrative access vulnerability allowed a user to access the application with full administrative privileges, including the ability to create submissions, manage users, and access sensitive data. The vulnerability impacted the integrity, confidentiality, and availability of the...
U.S. Dept Of Defense: Leaks of username and password leads to CVE-2018-18862 exploitation
A set of credentials for a BMC Remedy ITSM system were publicly exposed and leaked, allowing an attacker to access the system with the rights of these users. The vulnerability, CVE-2018-18862, was exploited through incorrect access control, potentially allowing the attacker to list roles and...
U.S. Dept Of Defense: Reflected XSS in ██████████
A reflected XSS vulnerability was found on one of the subdomains of a website. The vulnerability was present in the "militarybranch" parameter of the "NextRequestAccount.action" page. An attacker could exploit this vulnerability to execute XSS attacks and steal users' cookies, launch phishing...
U.S. Dept Of Defense: Reflected XSS in ██████
A reflected XSS vulnerability was found on one of the subdomains of a system. The vulnerability was located in the emailbody parameter of the PreviewLetterhead.aspx page. An attacker could exploit this vulnerability to execute malicious scripts and steal users' cookies, launch phishing attacks, a...
Okta breached last month, no customers compromised
Some of Okta's source code fell into the hands of an unauthorized party. The code was stolen from GitHub in the first part of December, according to a statement issued by the company. In the same statement the company reassured users that there was no impact to any customers. Okta Okta is an acces...
U.S. Dept Of Defense: Improper Access Control on MediaWiki allows attackers to restart installation on DoD asset
An improper access control vulnerability was found on a MediaWiki website, allowing attackers to restart the installation process without authentication. The vulnerability was fixed by blocking all access to the mw-config folder...
Microsoft supports the DoD’s Zero Trust strategy
The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state...
Ease Your Cybersecurity Maturity Model Certification Journey With Qualys
The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity training, certification, and assessment program from the United States Department of Defense (DoD). CMMC is designed to provide increased assurance to the DoD that a contractor can adequately protect controlled unclassified...
U.S. Dept Of Defense: IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/
Dear DoD team, I found one critical bug on your domain: https://██████/ It's IDOR. Also this domain is from Hack US program. What is that IDOR? Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access...