2 matches found
CVE-2025-46336
CVE-2025-46336 affects Rack::Session within the Rack::Session::Pool middleware. In versions 2.0.0 up to but not including 2.1.1, if an attacker has a valid session cookie and can trigger a long-running request adjacent to a user logout, the session may be restored, allowing illicit access after l...
FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box
A rather remarkable story has emerged, setting the scene for lively debates about permissible system access. A press release from the US Department of Justice has revealed that the FBI were granted permission to perform some tech support backdoor removal. Bizarrely, they did this without...