
RedhatCVE
added 2025/10/30 7:21 p.m., 7 views

CVE-2025-64101

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

CVSS 8.8 | AI score 7.4 | EPSS 0.00308
Exploits 0 | References 1
RedhatCVE
added 2025/10/30 7:21 p.m., 7 views

CVE-2025-64103

Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi-factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single-factor authenticated sessions as valid as...

CVSS 9.8 | AI score 7.4 | EPSS 0.00307
Exploits 0 | References 1
Snyk
added 2025/10/29 6:45 p.m., 2 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect via manipulation of the Forwarded or X-Forwarded-Host headers used to construct password reset confirmation links. An attacker can gain unauthorized access to user accounts by tricking users into clicking a password reset...

CVSS 8.8 | AI score 7 | EPSS 0.00308
Exploits 0 | References 2
Positive Technologies
added 2025/10/27 12:00 a.m., 3 views

PT-2025-44004

Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5
Description: The software allows for the disclosure of email passwords. The issue affects Azure Access Tech BLU-IC2 and BLU-IC4. It is recommended to restrict access and enable...

CVSS 10 | AI score 6.5 | EPSS 0.00289
Exploits 0 | References 4
Microsoft Secure
added 2025/10/09 3:00 p.m., 10 views

Investigating targeted “payroll pirate” attacks affecting US universities

Microsoft Threat Intelligence has observed a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. These types of attacks have been dubbed “payroll...

AI score 6.7
Exploits 0
The Hacker News
added 2025/10/09 12:16 p.m., 13 views

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface...

CVSS 9.8 | AI score 7.8 | EPSS 0.99722
Exploits 13
The Hacker News
added 2025/10/09 11:30 a.m., 3 views

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However,...

AI score 7.4
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-16041

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02142
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1832

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01204
Exploits 0 | References 4
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-30815

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.6 | EPSS 0.00303
Exploits 0 | References 3
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-46147

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00209
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-29596

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.7 | EPSS 0.00559
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-0610

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.2 | EPSS 0.0068
Exploits 0 | References 7
EUVD
added 2025/10/03 8:07 p.m., 9 views

EUVD-2025-24032

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 6.3 | EPSS 0.00274
Exploits 0 | References 5
vulnersOsv
added 2025/10/01 9:31 p.m., 4 views

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-59682 via django (>=5.1.0 <=5.1.12)

django (PyPI) version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more
Source CVEs: CVE-2025-59682
Source advisory: SNYK:PYTHON-DJANGO-13179425...

CVSS 6.5 | AI score 7 | EPSS 0.00863
Exploits 0
Microsoft Secure
added 2025/10/01 4:00 p.m., 4 views

Cybersecurity Awareness Month: Security starts with you

At Microsoft, security is our number one priority, and we believe that cybersecurity is as much about people as it is about technology. As we move into October and kick off Cybersecurity Awareness Month, this time of year really makes me think about how important online safety is—not just at work...

AI score 7.3
Exploits 0
Positive Technologies
added 2025/09/29 12:00 a.m., 3 views

PT-2025-39827

Name of the Vulnerable Software and Affected Versions: Obsidian Scheduler versions 5.0.0 through 6.3.0
Description: A security issue exists in the Obsidian Scheduler REST API. If an account is locked out due to not enrolling in Multi-Factor Authentication (MFA), the REST API continues to permit the u...

CVSS 8.2 | AI score 6.7 | EPSS 0.00354
Exploits 0 | References 6
OSV
added 2025/09/03 5:15 p.m., 2 views

CVE-2025-56689

One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying th...

CVSS 4.6 | AI score 5.8 | EPSS 0.01269
Exploits 1 | References 1
CVE
added 2025/09/03 12:00 a.m., 27 views

CVE-2025-56689

Summary: CVE-2025-56689 affects One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903. The issue is an OTP/MFA bypass via response manipulation, where an attacker who captures or intercepts a valid OTP response could replay it to bypass OTP verification and gain access to...

CVSS 4.6 | AI score 6.7 | EPSS 0.01269
Exploits 1 | References 1 | Affected Software 1