Introducing SITF: The First Threat Framework Dedicated to SDLC Infrastructure
Moving beyond simple checklists to visualize, map, and block attacks on production SDLC infrastructure...
Techniques of Modern Attacks
The techniques used in modern attacks have become an important factor for investigation. As we advance further into the digital age, cyber attackers are employing increasingly sophisticated and highly threatening methods. These attacks target not only organizations and governments but also extend...
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non-critical files...
CVE-2024-34690
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted,...
A Systematic Mapping Study on Risks and Vulnerabilities in Software Containers
Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering (SE) research literature reveals a lack of reviewed, aggregated, and organized knowled...
[SECURITY] Fedora 43 Update: complyctl-0.1.0-1.fc43
complyctl leverages OSCAL to perform compliance assessment activities, using plugins for each stage of the life-cycle...
CVE-2025-39966 iommufd: Fix race during abort for file descriptors
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors. fput doesn't actually call file_operations release synchronously, it puts the file on a work queue and it will be released eventually. This is normally fine, except for iommufd t...
EUVD-2024-39578
Malicious code in bioql PyPI...
EUVD-2021-9187
Malicious code in bioql PyPI...
EUVD-2021-2881
Malicious code in bioql PyPI...
.NET 9.0 Update - September 9, 2025 (KB5066234)
.NET 9.0 Update - September 9, 2025 (KB5066234). .NET 9.0 has been refreshed with the latest update as of September 9, 2025. This update contains non-security fixes. See the release notes for details about updated packages. .NET 9.0 servicing updates are upgrades. The latest servicing update for 9.0...
Cryptographic Data Exchange for Nuclear Warheads
Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...
Security Debt in Practice: Nuanced Insights from Practitioners
With the increasing reliance on software and automation nowadays, tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. When not handled properly, these constraints cause unaddressed security vulnerabilities to accumulate over...
A Comprehensive Survey in LLM(-Agent) Full Stack Safety: Data, Training and Deployment
The remarkable success of Large Language Models (LLMs) has illuminated a promising pathway toward achieving Artificial General Intelligence for both academic and industrial communities, owing to their unprecedented performance across various applications. As LLMs continue to gain prominence in both...
CVE-2024-42373
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing...
CVE-2021-46811
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information...
Measuring Security in 5G and Future Networks
In today's increasingly interconnected and fast-paced digital ecosystem, mobile networks, such as 5G and future generations such as 6G, play a pivotal role and must be considered as critical infrastructures. Ensuring their security is paramount to safeguard both individual users and the industrie...
OpenJDK 11 is no longer the default system-wide version of Java on Rocky Linux 9
An update is available for java-11-openjdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The 11.0.25 release is the last release of Rocky Enterprise Software...
CVE-2024-8892 Uncontrolled Resource Consumption vulnerability on CIRCUTOR TCP2RS+
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...