PT-2025-22336 · Spring · Spring Security Aspects

Name of the Vulnerable Software and Affected Versions: Spring Security Aspects affected versions not specified Description: The issue concerns Spring Security Aspects not correctly locating method security annotations on private methods, potentially causing an authorization bypass. This can affec...

Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain

We have detected a new tactic involving fake CAPTCHA pages that trick users into executing harmful commands in Windows. This scheme uses disguised files sent via phishing and other malicious methods...

The vulnerability of the Naumen Service Management Platform, related to the use of dangerous methods or functions, allows a perpetrator to execute arbitrary code.

The vulnerability of the Naumen Service Management Platform is related to the use of dangerous methods or functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

[SECURITY] Fedora 41 Update: syslog-ng-4.8.2-1.fc41

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases SQL and NoSQL alike and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages work with any kind of unstructured data receive and...

Server-Side Template Injection Vulnerabilities and Exploitation Techniques

Research article called Server-Side Template Injection SSTI Vulnerabilities and Exploitation Techniques. The paper provides a structured methodology for detecting and exploiting SSTI vulnerabilities across multiple template engines, along with real-world case studies and mitigation strategies...

CVE-2025-31493

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...

Description of the security update for Office 2016: May 13, 2025 (KB5002695)

Description of the security update for Office 2016: May 13, 2025 KB5002695 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-32704.​​​​​​​​​​​​​​ Note: To...

Description of the security update for Office Online Server: May 13, 2025 (KB5002707)

Description of the security update for Office Online Server: May 13, 2025 KB5002707 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...

MUBox: a Critical Evaluation Framework of Deep Machine Unlearning

Recent legal frameworks have mandated the right to be forgotten, obligating the removal of specific data upon user requests. Machine Unlearning has emerged as a promising solution by selectively removing learned information from machine learning models. This paper presents MUBox, a comprehensive...

Mirror Mirror on the Wall, Have I Forgotten It All? A New Framework for Evaluating Machine Unlearning

Machine unlearning methods take a model trained on a dataset and a forget set, then attempt to produce a model as if it had only been trained on the examples not in the forget set. We empirically show that an adversary is able to distinguish between a mirror model a control model produced by...

Revealing Weaknesses in Text Watermarking through Self-Information Rewrite Attacks

Text watermarking aims to subtly embed statistical signals into text by controlling the Large Language Model LLM's sampling process, enabling watermark detectors to verify that the output was generated by the specified model. The robustness of these watermarking algorithms has become a key factor...

Exploit for CVE-2025-24203

dirtyZero A simple customization toolbox that utilizes CVE-...

MTL-UE: Learning to Learn Nothing for Multi-Task Learning

Most existing unlearnable strategies focus on preventing unauthorized users from training single-task learning STL models with personal data. Nevertheless, the paradigm has recently shifted towards multi-task data and multi-task learning MTL, targeting generalist and foundation models that can...

CVE-2025-32441 Rack session gets restored after deletion

Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...

Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service DoS condition. This vulnerability is due to improper handling of DHCP request packets. An...

Another Move in the Deepfake Creation/Detection Arms Race

Deepfakes are now mimicking heartbeats In a nutshell Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats. The...

SoK: Stealing Cars since Remote Keyless Entry Introduction and How to Defend from It

Remote Keyless Entry RKE systems have been the target of thieves since their introduction in automotive industry. Robberies targeting vehicles and their remote entry systems are booming again without a significant advancement from the industrial sector being able to protect against them...

Privacy Risks and Preservation Methods in Explainable Artificial Intelligence: a Scoping Review

Explainable Artificial Intelligence XAI has emerged as a pillar of Trustworthy AI and aims to bring transparency in complex models that are opaque by nature. Despite the benefits of incorporating explanations in models, an urgent need is found in addressing the privacy concerns of providing this...

Exploit for Cross-Site Request Forgery (CSRF) in Nosurf_Project Nosurf

CVE-2025-46721: CSRF...

[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats

How Many Gaps Are Hiding in Your Identity System? It's not just about logins anymore. Today's attackers don't need to "hack" in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed...