Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used "compromised websites to redirect visitors to malicious infrastructure...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
GHSA-5PM9-R2M8-RCMJ
creationtimestamp | type | source
---|---|---
2025-08-28 17:53:15+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115107665952068380...
The API Security Reality Check: Key Takeaways from Q2 2025 API ThreatStats Report
API security has never been more crucial. Vulnerabilities are growing in volume and severity. AI integrations are a burgeoning attack vector. Increasing GraphQL adoption presents hidden dangers. To protect your organization, you must secure your APIs. Keep reading for our key takeaways from the...
CVE-2025-55495
creationtimestamp | type | source
---|---|---
2025-08-27 20:05:11+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115102522440790372...
Linux Distros Unpatched Vulnerability : CVE-2021-39869
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. CVE-2021-39869 Note that Nessus relies ...
Linux Distros Unpatched Vulnerability : CVE-2021-39917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all version...
Linux Distros Unpatched Vulnerability : CVE-2025-6498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The...
MAL-2025-34287 Malicious code in swicks (npm)
The package swicks was found to contain malicious code...
Data and Context Matter: Towards Generalizing AI-Based Software Vulnerability Detection
The performance of AI-based software vulnerability detection systems is often limited by their poor generalization to unknown codebases. In this research, we explore the impact of data quality and model architecture on the generalizability of vulnerability detection systems. By generalization we...
Intel Local Manageability Service Advisory - Lenovo Support US
No description provided...
Securing Educational LLMs: a Generalised Taxonomy of Attacks on LLMs and DREAD Risk Assessment
Due to perceptions of efficiency and significant productivity gains, various organisations, including in education, are adopting Large Language Models (LLMs) into their workflows. Educator-facing, learner-facing, and institution-facing LLMs, collectively, Educational Large Language Models (eLLMs),...
Linux Distros Unpatched Vulnerability : CVE-2023-52894
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an as yet unreproducible crash report from an...
Multi-Stage Knowledge-Distilled VGAE and GAT for Robust Controller-Area-Network Intrusion Detection
The Controller Area Network (CAN) protocol is a standard for in-vehicle communication but remains susceptible to cyber-attacks due to its lack of built-in security. This paper presents a multi-stage intrusion detection framework leveraging unsupervised anomaly detection and supervised graph learnin...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1881)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
PoC exploit for CVE-2025-32463, a privilege escalation vulnerabi...
Exploit for Code Injection in Xwiki
CVE-2025-24893 PoC | XWiki Platform 15.10.10 - Remote Code...
ASTRA: Autonomous Spatial-Temporal Red-Teaming for AI Software Assistants
AI coding assistants like GitHub Copilot are rapidly transforming software development, but their safety remains deeply uncertain-especially in high-stakes domains like cybersecurity. Current red-teaming tools often rely on fixed benchmarks or unrealistic prompts, missing many real-world...
Git Multiple Vulnerabilities (Aug 2025) - Windows
Git is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:git:git"; if(description)...
Exploit for Command Injection in Fit2Cloud 1Panel
CVE-2025-54424 CVE-2025-54424: 1Panel client vulnerability in...