439 matches found
CVE-2025-64375
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through = 3.20.1...
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code. Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly...
📄 Exim Vulnerability Scanner
This is a multi-phase vulnerability scanning tool designed to detect and analyze security weaknesses in Exim mail servers. The tool performs comprehensive security assessments by testing for all known Exim vulnerabilities, misconfigurations, and security weaknesses. These include remote code...
PT-2025-49873
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
SpringBoot-Toolkit An interactive penetration-testing tool de...
DNS Visibility Gap: Misconfigurations That Firewalls Miss in Network Security
...
What Does BAS Stand For? A Complete Guide
Running generic security tests is like studying for the wrong exam. You might be prepared for something, but not for the threats you’re most likely to face. To build a truly resilient defense, you need to test your controls against the specific tactics, techniques, and procedures that adversaries...
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...
Battle Compliance Confusion and Security Fatigue with Qualys and ServiceNow
Once upon a time, your biggest worry was whether Dave in Accounting would click on a suspicious link. Today, you wish Dave were your only worry. You’re likely balancing four major clouds, including AWS, Azure, Google Cloud, and Oracle, plus on-premises, hybrid environments, thousands of ephemeral...
Credentials and Misconfigurations Behind Most Cloud Breaches, Says AWS
New AWS report data reveals the top four security failure points in the cloud, including vulnerability exploitation 24%…...
When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us
Wallarm’s latest Q3 2025 API ThreatStats report link placeholder reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving. Malicious actors are shifting from code-level weaknesses to business logic flaws, from web apps to partner integrations, and from RE...
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do
A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same...
What Security Teams Need to Know as PHP and IoT Exploits Surge
Attack automation is accelerating, widening the window between detection and response. Qualys TRU telemetry reveals how these attacks unfold and what defenders can do next. The Qualys Threat Research Unit TRU has identified a sharp increase in attacks targeting PHP servers, IoT devices, and cloud...
Lynis Auditing Tool 3.1.6
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...
Web-Security-Assessment-Suite-based-on-OWASP-Top-10
Web-Security-Assessment-Suite-based-on-OWASP-Top-10 A...
The Hidden Dangers of Public Serverless Repositories: An Empirical Security Assessment
Serverless computing has rapidly emerged as a prominent cloud paradigm, enabling developers to focus solely on application logic without the burden of managing servers or underlying infrastructure. Public serverless repositories have become key to accelerating the development of serverless...
Improper Input Validation
datahihi1/tiny-env is vulnerable to Improper Input Validation. The vulnerability is due to missing sanitization of characters, allowing attackers to inject comment text that can cause misconfigurations or authentication failures...
EUVD-2016-4090
Malware in sbrugna...
EUVD-2008-1669
Malware in sbrugna...
EUVD-2025-27696
Malicious code in bioql PyPI...