405 matches found
CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance
CISA, in collaboration with NSA and 19 international partners, released joint guidance outliningA Shared Vision of Software Bill of Materials SBOM for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide. An SBOM is a form...
CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)
CISA is requesting public comment on its updated guidance on Software Bill of Materials SBOM to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...
NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.Js
The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research community and practitioners have proposed a range of static and...
Eavesdropping Risk in Terahertz Channels by Covered Wavy Surfaces
Terahertz communications offer unprecedented data rates for next-generation wireless networks but suffer blockage susceptibility that restrict coverage and introduce physical-layer security vulnerabilities. Non-line-of-sight relay schemes using metallic wavy surfaces MWS address coverage...
awesome-android-security
A curated list of Android Security materials and resources For Pentesters and Bug Hunters...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to world-writable permissions set on SBOM files in the file system. An attacker can modify or delete SBOM files by gaining local access to the running image, which may confuse security scanners or disru...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to world-writable permissions set on SBOM files in the file system. An attacker can modify or delete SBOM files by gaining local access to the running image, which may confuse security scanners or disru...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to world-writable permissions set on SBOM files in the file system. An attacker can modify or delete SBOM files by gaining local access to the running image, which may confuse security scanners or disru...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to world-writable permissions set on SBOM files in the file system. An attacker can modify or delete SBOM files by gaining local access to the running image, which may confuse security scanners or disru...
melange 安全漏洞
melange is a Chainguard open source for building APKs from source code. A security vulnerability exists in melange versions prior to 0.23.0 through 0.29.5, which stems from improperly set permissions on the SBOM file, which could lead to a tampering attack...
CVE-2023-6078
An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution...
CVE-2020-2599
Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications component: MMS All. The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials...
ROS-2-232
2.232 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia №4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...
ROS-2-18
2.18 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies about renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 till 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...
ROS-2-1
2.1 Notification on the update of the OPERATION SYSTEM "RED OS" MIS RED SOFT LLC notifies about renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 till 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...
Implementing AI Bill of Materials (AI BOM) with SPDX 3.0: a Comprehensive Guide to Creating AI and Dataset Bill of Materials
A Software Bill of Materials SBOM is becoming an increasingly important tool in regulatory and technical spaces to introduce more transparency and security into a project's software supply chain. Artificial intelligence AI projects face unique challenges beyond the security of their software, and...
Friday Squid Blogging: A New Explanation of Squid Camouflage
New research: An associate professor of chemistry and chemical biology at Northeastern University, Deravi’s recently published paper in the Journal of Materials Chemistry C sheds new light on how squid use organs that essentially function as organic solar cells to help power their camouflage...
Man Jailed 24 Years for Running Dark Web CSAM Sites from Coffee Shop
Louis Donald Mendonsa, 62, was sentenced following a guilty plea for distributing child sexual abuse materials CSAM via…...
LearnDash 安全漏洞
LearnDash is a learning management system from LearnDash, Inc. A security vulnerability exists in LearnDash version v6.7.1, which stems from the materials-content class containing a stored cross-site scripting vulnerability...
PT-2025-6730 · Learndash · Learndash
Name of the Vulnerable Software and Affected Versions: LearnDash version 6.7.1 Description: A stored Cross-Site Scripting XSS issue was discovered in the materials-content class. This issue allows for malicious scripts to be stored and executed on the site, potentially affecting user sessions...