Exploit for Type Confusion in Apple Safari

CVE-2024-23222 — WebKit Type Confusion → iOS 16.4.1 Sandbox Es...

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

Cisco Talos has uncovered a BadIIS variant -- identifiable by its embedded "demo.pdb" strings -- that functions as commodity malware. This variant is likely sold or shared among multiple Chinese-speaking cybercrime groups that operate under a malware-as-a-service MaaS model for continuous...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a Denial of Service due to jackson-core ( WS-2026-0003 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS runtime and toolkit are vulnerable to a Denial of Service due to jackson-core. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default:...

Security Bulletin:DevOps Test Embedded for Eclipse IDE is vulnerable to XXE injection & RCE due to use of JGit and EGit ( CVE-2023-4759 and CVE-2025-4949)

Summary Due to the use of JGit and EGit, DevOps Test Embedded for Eclipse contains vulnerabilities that could lead to unauthorized file access via XML External Entity XXE injection, and arbitrary file overwrites on case-insensitive filesystems that can lead to Remote Code Execution RCE. This only...

Security Bulletin: Multiple Vulnerabilities affects IBM Data Studio Client 4.2.2

Summary Security Fix of multiple Vulnerabilities of IBM Data Studio Client 4.2.2. The vulnerabilities have been addressed in 4.2.2 version. Hence, IBM strongly recommends upgrading to 4.2.2. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...

Incorrect Implementation of Authentication Algorithm

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm through the TokenManager and OIDC endpoint token checks ...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2026-33230 DESCRIPTION: NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development ...

Client-Side Enforcement of Server-Side Security

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security through the processAction registration flow in the WebAuthn...

zparty

Zparty Automated web penetration testing framework with loc...

midnight-ownpublickey-attack

Bounty 295: Why ownPublicKey Can't Be Trusted for Access...

PT-2026-41972

Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.288.4 through 0.315.3 Description The bundled GraphiQL template in Strawberry GraphQL writes values from the headers editor into the browser URL query string. This occurs because the strawberry/static/graphiql.htm...

Set Shaping Theory As a Complementary Payload-Shaping Layer for Steganography

This paper studies the use of Set Shaping Theory SST as a reversible payload-shaping layer for least significant bit LSB image steganography. The proposal is not intended to replace existing steganographic methods or to compete with them as a new embedding scheme. Instead, SST is positioned as a...

CVE-2025-61081

CVE-2025-61081 entry is rejected and not used.

Malicious code in @antv/algorithm (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/gi-assets-algorithm (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

PT-2026-41970

Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...

PT-2026-41964

This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...

PT-2026-41966

Summary The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with...

PT-2026-42032

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...