22 matches found
EUVD-2022-3599
Malicious code in bioql PyPI...
EUVD-2022-25109
Malicious code in bioql PyPI...
CVE-2025-24899
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...
CVE-2022-29164
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces an HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...
CVE-2025-24899 Disclosure of Sensitive User Information via API in reNgine
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...
PT-2025-5596 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.2.0 Description: A vulnerability was discovered in reNgine, where an insider attacker with any role can extract sensitive information from other reNgine users. After running a scan and obtaining vulnerabilities fro...
GHSA-J44V-MMF2-XVM9 PDM Trojan Lockfile
Summary It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. Details Project foo can be targeted by creating the project foo-2 and uploading the fil...
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Framing Frames)
A vulnerability in IEEE 802.11 implementations was found. A malicious insider can intercept traffic at the MAC layer by disconnecting a victim and connecting to the network using the victim's MAC address and the attacker's credentials, even if clients are prevented from communicating with each other...
CVE-2022-1833
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives...
Design/Logic Flaw
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives...
Insider attack
Handle walker. Vulnerability details. Type: Custodial. One should note the custodial nature of the current implementation. A single malicious developer could use their access to the governance multi-sig accounts to extract all the funds from the smart contract. Even under the assumption that the who...
Insider Attack on the Carnegie Library
Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted...
What We Can Learn from the Capital One Hack
On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps the result of a previously unknown "zero-day" flaw, or an "insider" attack in which the accus...
Recovering Keyboard Inputs through Thermal Imaging
Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we huma...
Insider Attack on Lottery Software
Eddie Tipton, a programmer for the Multi-State Lottery Association, secretly installed software that allowed him to predict jackpots. What's surprising to me is how many lotteries don't use real random number generators. What happened to picking golf balls out of wind-blown steel cages on...
Snowden used web crawler tool to access and download 1.7 million Secret NSA Files
The National Security Agency (NSA), the agency that has ruled over the privacy of the entire world from countries to individuals, the one with master access to read anyone's data, that has intruded into large fiber networks and can target anyone, at any time, at any place, nonetheless lapsed somewhere in protecting its...