Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade

Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...

From points to payouts: The evolution of the Microsoft security researcher leaderboard

The global security research community plays a critical role in helping Microsoft protect customers. Through their deep technical expertise, coordinated disclosure, and collaboration, researchers help identify and remediate vulnerabilities, and shape how our security programs evolve. Many of the...

EUVD-2012-2185

Malware in sbrugna...

EUVD-2005-1874

Malware in sbrugna...

EUVD-2013-6155

Malware in sbrugna...

EUVD-2012-2197

Malware in sbrugna...

EUVD-2012-2184

Malware in sbrugna...

EUVD-2022-37901

Malicious code in bioql PyPI...

Dow’s 125-year legacy: Innovating with AI to secure a long future

Founded more than 125 years ago, Dow has demonstrated a commitment to leveraging science to make the world a better place. Today, Dow’s ambition to be the most innovative, inclusive, and sustainable materials science company is supported by a global security team dedicated to keeping employees,...

CVE-2025-47652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through = 2.13.4...

PT-2025-30930 · Gnome +1 · Libsoup +1

Name of the Vulnerable Software and Affected Versions: Libsoup affected versions not specified Description: A global buffer overflow vulnerability exists in the soup header name to string function. The function does not validate the name parameter, directly accessing soup header name stringsname...

Take Command Summit: Take Breaches from Inevitable to Preventable on May 21

Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. In 2024, adversaries are using AI and new techniques, working in gangs...

Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback

NSO Group, creator of the infamous Pegasus spyware, is spending millions on lobbying in Washington while taking advantage of the crisis in Gaza to paint itself as essential for global security...

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as...

IBM Global Security Kit Encryption Issues Vulnerability

IBM Global Security Kit is a library and utility program for SSL or TLS communications from International Business Machines IBM. The IBM Global Security Kit suffers from a cryptographic issue vulnerability that stems from a time-based side-channel in the RSA decryption implementation, which could...

Security Bulletin: Security Vulnerabilites fixed in IBM WebSphere Application Server 8.5.0.2

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.0.2 Content VULNERABILITY DETAILS: CVE ID:CVE-2013-0458 PM71139 DESCRIPTION: WebSphere Application Server could allow a cross-site scripting attack, caused by improper validation of...

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in GSKit (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Abstract Vulnerabilities in IBM Global Security Kit GSKit, shipped as part of IBM Tivoli Composite Application Manager for Transactions ITCAM for Transactions. Content VULNERABILITY DETAILS: Security vulnerabilities have been discovered in the GSKit libraries. ITCAM for Transactions uses the GSKi...

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes...

Observed Changes to the Threat Landscape in 2020

Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions. As corporations tried to adapt to...

Observed Changes to the Threat Landscape in 2020

Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions...