12 matches found
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub accoun...
CISA Security Leak
Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...
CVE-2026-1181
Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could...
EUVD-2021-7097
Malicious code in bioql PyPI...
CVE-2021-1630
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4702 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...
Moderate: Red Hat Security Advisory: Satellite 6.10 Release
An update is now available for Red Hat Satellite 6.10 for RHEL 7. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: python-ecdsa...
CVE-2021-1630
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
XXE
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
CVE-2021-1630
CVE-2021-1630 is an XML External Entity (XXE) vulnerability in a Mule runtime component affecting multiple deployment options (CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on‑premises). The connected data consistently describe XXE as the underlying flaw, b...
CVE-2021-1630
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...
Top 10 Things CSPs Need to Know about FedRAMP Authorization on Amazon Web Services
Coalfire conducted a webinar, FedRAMP on AWS: What you need to know. The discussion covered what cloud service providers need to know when pursuing FedRAMP authorization leveraging AWS U.S East/West or GovCloud. Below you'll find the Top 10 things that cloud service providers should know...