CVE-2025-53544 Trilium Notes is Vulnerable to Brute-force Protection Bypass via Initial Sync Seed Retrieval

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

CVE-2025-53544

CVE-2025-53544 concerns Trilium Notes prior to 0.97.0, where a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. The app is described as a single-user, username-less system, with...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Inside the Ransomware Economy in 2025: Q2 Trends & Key Insights You Need to Know

Building on insights from Rapid7’s Q1 and Q2 2025 ransomware trend reports, it’s clear that the ransomware economy continues to evolve – and not just in volume, but also in business maturity. As threat actors shift tactics, tools, and partnerships, defenders face a complex landscape shaped by...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

tomcat: Apache Tomcat denial of service

A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...

BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation...

Exploit for Incorrect Default Permissions in Microsoft

This List is no longer updated. Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and...

Salesforce Tableau Server 安全漏洞

Salesforce Tableau Server is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the validate-initial-sql...

Salesforce Tableau 安全漏洞

Salesforce Tableau is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the set-initial-sql command and could...

SUSE-SU-2025:20499-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_10

This update for kernel-livepatch-MICRO-6-0-RTUpdate10 fixes the following issues: - Initial livepatch for 10th RT kernel update...

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Cybersecurity researchers have shed light on a new ransomware-as-a-service RaaS operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

SUSE CVE-2025-53506

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Security update for the Linux Kernel

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

The Initial Access Broker IAB known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the monike...

UBUNTU-CVE-2025-38187

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

SUSE CVE-2025-38120

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfsetpipapoavx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and...