9992 matches found
Why Most DDoS Protection Fails: Solving for Continuity and Resilience
Most organisations assume DDoS Distributed denial of service protection is a box they’ve already ticked. If traffic spikes or an attack starts, the thinking goes, their provider will absorb it and move on. But in the real world it can be a different story. Many incidents aren’t caused by the scal...
OESA-2026-1572 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MI...
Activation Surgery: Jailbreaking White-Box LLMs without Touching the Prompt
Most jailbreak techniques for Large Language Models LLMs primarily rely on prompt modifications, including paraphrasing, obfuscation, or conversational strategies. Meanwhile, abliteration techniques also known as targeted ablations of internal components have been used to study and explain LLM...
EUVD-2026-12033
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
CVE-2026-32627 cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
ALPINE-CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 server key agreement group selection when the server configuration includes the 'DEFAULT' keyword. An attacker can influence the negotiation to u...
CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
CVE-2026-2673
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...
EUVD-2026-11780
Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...
OSV-2026-392 UNKNOWN READ in pcpp::BgpLayer::getHeaderLen
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=491687588 Crash type: UNKNOWN READ Crash state: pcpp::BgpLayer::getHeaderLen pcpp::Packet::shortenLayer pcpp::Layer::shortenLayer...
OpenSSL Security Advisory 20260313
OpenSSL Security Advisory 20260313 - An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...
ROS-20260313-73-0039
A vulnerability in the tlsstrpcheckrcv function of the Linux kernel TLS protocol implementation is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
AlmaLinux 9 : opentelemetry-collector (ALSA-2026:4177)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:4177 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.2.9
Logging for Red Hat OpenShift - 6.2.9 Red Hat OpenShift Logging 6.2.9 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.3
Logging for Red Hat OpenShift - 6.4.3 Red Hat OpenShift Logging 6.4.3 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...
CLSA-2026-1773313831 delve: Fix of CVE-2025-68121
Rebuild with golang 1.22.9-1.el92.tuxcare.els6 to fix CVE-2025-68121 - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry...
CLSA-2026-1773312266 nginx: Fix of CVE-2026-1642
CVE-2026-1642: fix upstream TLS MITM ability to inject plaintext into proxied responses; enforce stricter TLS verification and integrity checks...