15 matches found
CVE-2026-48783
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
PT-2026-50122
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response
Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations...
EUVD-2025-21905
Malicious code in bioql PyPI...
CVE-2025-59434
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...
CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...
CVE-2025-45156
Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...
CVE-2025-45156
Splashin iOS v2.0 is affected by a vulnerability where the application does not enforce server-side interval restrictions for location updates for free-tier users. The root cause is the lack of enforcement of update intervals on the server side, as described in PT-2025-30063. The impact is the po...
Wallarm to Unveil New API Security Solution and Strategic Shift at Black Hat Europe 2023
If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7 is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend, co...
Unlocking API Security Excellence: Wallarm at OWASP Global AppSec DC 2023
If you're involved in securing APIs, applications and web applications, or looking to learn about these, then the OWASP Global AppSec DC Conference next week is a must-attend event. Wallarm, the experts in API and application security, will be there, and we're excited to connect with you on Octob...
How to Export Your Passwords From LastPass
The popular security service is severely limiting its free tier starting March 16. If you’d like to move your passwords to another manager, here’s how...
Akamai Offers Free Tier for Client-Side Edge Security
In March of 2020, Akamai saw a dramatic 30% rise in internet traffic, equivalent to an entire year of growth. Post-pandemic, Akamai believes there will be a return to normal internet traffic growth, but many things will never be the same. In general, we particularly expect to see greater...
New Relic: Users can enable API access for free via mass assignment
Free tier users aren't allowed API access, but it's possible to bypass this restriction thanks to a mass assignment bug. To replicate this, first verify that you don't already have API access by visiting: Account Settings - API Explorer - Create an API Key. You should see the message "This feature...
Tor Project Sets Up Cloud Bridge Project on Amazon EC2
The Tor Project has started a new system designed to help people start and run Tor bridges in the cloud using Amazon’s EC2 platform. The Tor Cloud runs on Amazon’s new micro-instance tier that lets people run instances for free for the first year. Tor is used by people around the world to help...