118 matches found
CVE-2026-3371
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the save_course_content_order private method, which is called unconditionally by the...
PT-2026-32085
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the save_course_content_order private method, which is called unconditionally by...
From Clawdbot to OpenClaw: Practical Lessons in Building Secure Agents
...
SoK: DARPA's AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned
DARPA's AI Cyber Challenge (AIxCC, 2023--2025) is the largest competition to date for building fully autonomous cyber reasoning systems (CRSs) that leverage recent advances in AI -- particularly large language models (LLMs) -- to discover and remediate vulnerabilities in real-world open-source software...
Your year-end infosec wrapped
Welcome to this week's edition of the Threat Source newsletter. "They say that a person's personality is the sum of their experiences. But that isn't true, at least not entirely, because if our past was all that defined us, we'd never be able to put up with ourselves. We need to be allowed to...
10 Successful Marketplaces Built on Sharetribe: Lessons Learned
The marketplace revolution is here, and it's transforming how we buy, sell, and share everything from vintage furniture...
A Comprehensive Evaluation and Practice of System Penetration Testing
With the rapid advancement of information technology, the complexity of applications continues to increase, and the cybersecurity challenges we face are also escalating. This paper aims to investigate the methods and practices of system security penetration testing, exploring how to enhance syste...
Cybersecurity on a budget: Strategies for an economic downturn
During economic uncertainty, businesses face the challenge of maintaining strong cybersecurity while managing tightened budgets. Cyber threats can become more numerous, motivated, and persistent during economic downturns, making the need for resilient, cost-effective security measures critical...
When the Cloud Breaks: Lessons from the AWS Outage
...
EUVD-2021-11625
Malware in sbrugna...
EUVD-2023-43818
Malicious code in bioql PyPI...
The Reality of Modern Cyberattacks: Lessons from Recent Retail Breaches
...
Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025
We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit (TRU) with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion (CVE-2024-6387) and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters...
Federated Learning for Cyber Physical Systems: a Comprehensive Survey
The integration of machine learning (ML) in cyber physical systems (CPS) is a complex task due to the challenges that arise in terms of real-time decision making, safety, reliability, device heterogeneity, and data privacy. There are also open research questions that must be addressed in order to ful...
CVE-2025-1590
A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the...
CVE-2025-1590
CVE-2025-1590 affects SourceCodester E-Learning System 1.0. The vulnerability is in an unknown function of the file /admin/modules/lesson/index.php within the List of Lessons Page, and the manipulation allows an unrestricted file upload. The issue can be leveraged remotely. Multiple connected sou...
The Rise of the Drone Boats
Swarms of weaponized unmanned surface vessels have proven formidable weapons in the Black and Red Seas. Can the US military learn the right lessons from it?...
On Generative AI Security
Microsoft's AI Red Team just published "Lessons from Red Teaming 100 Generative AI Products." Their blog post lists "three takeaways," but the eight lessons in the report itself are more useful: 1. Understand what the system can do and where it is applied. 2. You don't have to compute gradients t...
WordPress Video Lessons Manager plugin <= 1.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Video Lessons Manager versions <= 1.8.0...
CISA: CFATS Personnel Surety Program Demonstration and Lessons Learned