Backups Are Under Attack: How to Protect Your Backups
Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today's ransomware attacks initially target your last line of defense — your backup infrastructure. Before locking up your production environment, cybercriminals...
ETDI: Mitigating Tool Squatting and Rug Pull Attacks in Model Context Protocol (MCP) by Using OAuth-Enhanced Tool Definitions and Policy-Based Access Control
The Model Context Protocol (MCP) plays a crucial role in extending the capabilities of Large Language Models (LLMs) by enabling integration with external tools and data sources. However, the standard MCP specification presents significant security vulnerabilities, notably Tool Poisoning and Rug Pull...
CVE-2023-31206
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 1 to...
CVE-2025-33136
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data...
CVE-2020-8826
As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication...
CVE-2020-11214
Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,...
CVE-2011-3617
Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases...
IBM Aspera Faspex Security Vulnerability
IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person file delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12, which stems from improper protection of presumably immutable data and could...
Alibaba Cloud Linux 3 : 0061: python-cryptography (ALINUX3-SA-2024:0061)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0061 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-23931: cryptography is a package designed ...
CVE-2024-9876 Application is vulnerable to Privilege escalation
Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini. This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...
OpenCTI Security Vulnerability
OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. A security vulnerability exists in OpenCTI versions prior to 6.4.8 through 6.4.10, which stems from a vulnerability that allows bypassing of allow/deny lists, and could lead to modification of immutable...
ABB Multiple Products Security Vulnerability
ABB ANC (ABB Adaptive Noise Cancellation) and others are products of ABB Switzerland. ABB ANC is an industrial-grade adaptive noise cancellation system for real-time cancellation of specific frequency band noise generated by equipment such as motors/transformers. ABB ANC-L ABB Active Noise Control-...
PICO: Secure Transformers Via Robust Prompt Isolation and Cybersecurity Oversight
We propose a robust transformer architecture designed to prevent prompt injection attacks and ensure secure, reliable response generation. Our PICO (Prompt Isolation and Cybersecurity Oversight) framework structurally separates trusted system instructions from untrusted user inputs through dual...
A Blockchain-Based Approach for Secure and Transparent E-Faktur Issuance in Indonesia's VAT Reporting System
The implementation of blockchain technology in tax administration offers promising improvements in security, transparency, and efficiency. This paper presents the design of a blockchain-based e-Faktur system aimed at addressing the challenges of issuing and verifying tax invoices within Indonesia...
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and poli...
External Control of Assumed-Immutable Web Parameter
Overview sylius/paypal-plugin is a PayPal plugin for Sylius. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter. The user-input payment amount is not adequately confirmed to be the same between payment completion and order authorization, in...
BIT-NEO4J-2024-34517
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access...
CVE-2025-27893
In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. NOTE: the Supplier analyzed the reported...
CVE-2025-27893
Archer Platform 6–6.14.00202.10024 is affected by CVE-2025-27893. An authenticated user with record-creation privileges can intercept and modify a Copy request to GenericContent/Record.aspx?id=, manipulating immutable fields (e.g., creation date). However, according to sources, when switching to ...