344 matches found
CVE-2024-14001 Nagios XI < 2024R1.1.3 XSS via Executive Summary Report
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
PT-2025-44558
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.1.3. Description: Nagios XI is susceptible to cross-site scripting (XSS) through the Executive Summary Report component. A lack of proper input validation or escaping could allow an attacker to inject and execute...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.1.3 that stems from insufficient...
Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm
Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has pleaded guilty to two counts of stealing trade secrets and selling them to an unnamed Russian software broker...
EUVD-2025-34915
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields in Movieinfos accept...
Houston CISO Meetup: The Strategic Shift from Mass Vulnerability Scanning to Proactive Exposure Reduction
Key takeaways from a CISO dinner with Al Lindseth and Hive Pro's Critt Golden. If you were one of the many CISOs, CIOs or cybersecurity leaders who joined our Threat Exposure Management dinner at Del Frisco’s Steak House in Houston yesterday, thank you for joining an oversold event! If you didn...
EUVD-2014-2643
Malware in sbrugna...
EUVD-2014-2642
Malware in sbrugna...
EUVD-2025-29495
Malicious code in bioql PyPI...
EUVD-2024-27653
Malicious code in bioql PyPI...
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and...
PT-2025-39340
CVE-2025-00456 UNDER DEVELOPMENT - USE AT YOUR OWN RISK!!! Enhanced Incident Summary Report Executive Summary On September 18, 2025, a medium-severity incident Risk Score https://t.co/DGZmVvA9zF...
Cindy Cohn Is Leaving the EFF, but Not the Fight for Digital Rights
After 25 years at the Electronic Frontier Foundation, Cindy Cohn is stepping down as executive director. In a WIRED interview, she reflects on encryption, AI, and why she’s not ready to quit the battle...
Replit AI Agent Deletes Sensitive Data Despite Explicit Instructions
Replit AI agent deleted data from 1,200+ executives and companies without permission, raising concerns about AI safety and control in live environments...
How to Advance from SOC Manager to CISO?
Making the move from managing a security operations center (SOC) to being a chief information security officer (CISO) is a significant career leap. Not only do you need a solid foundation of tech knowledge but also leadership skills and business smarts. This article will guide you through the practic...
How Digital Executive Protection Shields Top Leaders from Modern Threats
Cybersecurity threats have emerged so quickly that most companies struggle to keep up and executives are often the...
New Guidance for SIEM and SOAR Implementation
Today, CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international and U.S. partners, released new guidance for organizations seeking to procure Security Information and Event Management (SIEM) and Security Orchestration,...
CVE-2022-28387
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affec...
Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy
Toronto, Canada, 28th April 2025, CyberNewsWire...
Did DOGE “breach” Americans’ data? (Lock and Code S06E08)
This week on the Lock and Code podcast … If you don't know about the newly created US Department of Government Efficiency (DOGE), there's a strong chance they already know about you. Created on January 20 by US President Donald Trump through Executive Order, DOGE's broad mandate is “modernizing...