216 matches found
AI is distorting the Holocaust (Lock and Code S07E10)
This week on the Lock and Code podcast … In May of last year, a warning about AI came from somewhere unexpected: The Auschwitz-Birkenau State Museum. Posting publicly on social media, the museum warned about a Facebook account using generative AI to create fake images of people who died in the...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: My coauthor Nathan E. Sanders and I are speaking at the Rayburn House Office Building in Washington, DC at noon ET on November 17, 2025. The event is hosted by the POPVOX Foundation and the topic is “AI and Congress: Practical Step...
CVE-2025-61723 vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, gcp-compute-persistent-disk-csi-driver, fulcio, ghaudit, dagdotdev, go-bindata, boring-registry, custom-pod-autoscaler-operator, flux, kubecolor, kubernetes-csi-livenessprobe, mc, flyte, mesosphere-vsphere-csi, mongodb-kubernetes-operator,...
GHSA-447V-2QG4-H8HC vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, gcp-compute-persistent-disk-csi-driver, fulcio, ghaudit, dagdotdev, go-bindata, boring-registry, custom-pod-autoscaler-operator, flux, kubecolor, kubernetes-csi-livenessprobe, mc, flyte, mesosphere-vsphere-csi, mongodb-kubernetes-operator,...
CVE-2025-58189 vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, gcp-compute-persistent-disk-csi-driver, fulcio, ghaudit, dagdotdev, go-bindata, boring-registry, custom-pod-autoscaler-operator, flux, kubecolor, kubernetes-csi-livenessprobe, mc, flyte, mesosphere-vsphere-csi, mongodb-kubernetes-operator,...
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: grafana, infinispan-operator, kbld, consul-k8s, nvidia-nsight-compute-13.0, spicedb-operator-fips, kyverno-policy-reporter-plugins-kyverno-fips, livekit-egress, kubernetes-csi-livenessprobe-fips, chartmuseum-fips, gcp-compute-persistent-disk-csi-driver,...
EUVD-2014-7526
Malware in sbrugna...
EUVD-2014-7565
Malware in sbrugna...
EUVD-2024-23109
Malicious code in bioql PyPI...
CVE-2025-55198 vulnerabilities
Vulnerabilities for packages: helm-set-status, k8ssandra-client, teleport, flux, eksctl, cerbos, flux-helm-controller, linkerd2, zarf, chartmuseum, helm-mapkubeapis, helm-push, kubescape, kube-arangodb, cluster-api-helm-controller, envoy-gateway, cert-manager-cmctl, headlamp,...
GHSA-9H84-QMV7-982P vulnerabilities
Vulnerabilities for packages: helm-set-status, k8ssandra-client, teleport, flux, eksctl, cerbos, flux-helm-controller, linkerd2, zarf, chartmuseum, helm-mapkubeapis, helm-push, kubescape, kube-arangodb, cluster-api-helm-controller, envoy-gateway, cert-manager-cmctl, headlamp,...
Black Hat 2025: Why We Built a Museum Instead of a Booth
Think you know what to expect from a conference booth? Think again. Forget the cliches: the swag destined for the back of your wardrobe, the formula one simulators, the marketing trickery. Instead, step into a new kind of conference experience, one that takes you on a journey through past, presen...
CVE-2024-25802
SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content...
CVE-2024-25801
SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...
berkshiremuseum.org Cross Site Scripting vulnerability OBB-4038544
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
pirogovo-museum.do.am Cross Site Scripting vulnerability OBB-3949938
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mpr.mini.icom.museum Cross Site Scripting vulnerability OBB-3948215
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ceca.mini.icom.museum Cross Site Scripting vulnerability OBB-3938583
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
museumtopics.nl Improper Access Control vulnerability OBB-3923156
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
museum-fuer-kunst-und-kulturgeschichte.de Cross Site Scripting vulnerability OBB-3921756
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...