Lucene search
125507 matches found

Imperva Blog
added 2026/05/06 6:28 p.m., 6 views

Your Redis Server Looks Fine. That’s the Problem.

Introduction There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back the way it found it. It restores the database filename. It deletes the tools it used. It detaches from the...

CVSS: 10, AI score: 7.5, EPSS: 0.9967
Exploits: 8

Snyk
added 2026/05/06 5:54 p.m., 7 views

Information Exposure

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Information Exposure via the global exception handling process in the WebUI. An attacker can obtain sensitive internal implementation details, such as stack...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00336
Exploits: 1, References: 2

OSV
added 2026/05/06 5:54 p.m., 2 views

GHSA-C3GC-9PF2-84GG PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI

Summary pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00336
Exploits: 1, References: 3

Github Security Blog
added 2026/05/06 5:54 p.m., 5 views

PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI

Summary pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an unauthenticated user can reliably trigger a server exception for example by requesting a...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00336
Exploits: 1, References: 3, Affected Software: 1

GithubExploit
added 2026/05/06 5:44 p.m., 87 views

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

CVE-2026-0073 PoC Wireless ADB TLS Auth Bypass This directo...

CVSS: 8.8, AI score: 6, EPSS: 0.00541
Exploits: 11

OSV
added 2026/05/06 5:42 p.m., 8 views

CLSA-2026-1773479178 python: Fix of CVE-2025-12084

CVE-2025-12084: fix quadratic algorithm when building nested XML elements with appendChild...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00696
Exploits: 0, References: 1

OSV
added 2026/05/06 5:40 p.m., 5 views

CLSA-2026-1773479849 python: Fix of CVE-2025-12084

CVE-2025-12084: fix quadratic algorithm when building nested XML elements with appendChild...

CVSS: 6.3, AI score: 7.1, EPSS: 0.00696
Exploits: 0, References: 1

RedHat Linux
added 2026/05/06 5:34 p.m., 19 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

CVSS: 7.8, AI score: 7.2, EPSS: 0.96775
Exploits: 227, References: 14

OSV
added 2026/05/06 5:32 p.m., 3 views

GHSA-R27J-894H-3W3P mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary: icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype (e.g. toString, __proto__, constructor, hasOwnProperty, valueOf), the lookup returns a truth...

CVSS: 3.7, AI score: 6
Exploits: 0, References: 2

Github Security Blog
added 2026/05/06 5:32 p.m., 24 views

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary: icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype (e.g. toString, __proto__, constructor, hasOwnProperty, valueOf), the lookup returns a truth...

AI score: 6
Exploits: 0, References: 2, Affected Software: 1

GithubExploit
added 2026/05/06 5:18 p.m., 95 views

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

🔓 CVE-2026-0073: Android adbd Authentication Bypass Proof...

CVSS: 8.8, AI score: 6, EPSS: 0.00541
Exploits: 11

IBM Security Bulletins
added 2026/05/06 4:21 p.m., 7 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-27448 DESCRIPTION: pyOpenSSL is a Python wrappe...

CVSS: 9.8, AI score: 5.9, EPSS: 0.005
Exploits: 0, Affected Software: 1

Qualys Blog
added 2026/05/06 4:0 p.m., 5 views

Before the Breach, There Was a Test Environment

Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...

AI score: 6
Exploits: 0

IBM Security Bulletins
added 2026/05/06 3:22 p.m., 5 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by a vulnerability in Apache Kafka

Summary IBM Enterprise Build of Quarkus is affected by a vulnerability in Apache Kafka Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a...

CVSS: 8.7, AI score: 6, EPSS: 0.00328
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/05/06 3:22 p.m., 2 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authorization bypass vulnerability

Summary IBM Enterprise Build of Quarkus is affected by an authorization bypass vulnerability CVE-2026-39852 Vulnerability Details CVEID:CVE-2026-39852 DESCRIPTION: Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1,...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00265
Exploits: 0, Affected Software: 1

Microsoft Secure
added 2026/05/06 3:20 p.m., 6 views

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

In this article 1. Activity overview 2. Mitigation and protection guidance 3. Hunting queries 4. Indicators of compromise Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration...

AI score: 6.3
Exploits: 0

IBM Security Bulletins
added 2026/05/06 3:18 p.m., 6 views

Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI products - 1 EDB PGAI AI Factory with IBM 1.3.0, 2 EDB PGAI Analytics Accelerator 1.3.0, and 3 EDB PGAI Hybrid Data Management 1.3.0. The vulnerabilities have been addressed in 1.3.4 version. Hence, IBM strongly recommends upgrading to 1.3.4...

CVSS: 8.6, AI score: 7.8, EPSS: 0.07022
Exploits: 3, Affected Software: 1

GithubExploit
added 2026/05/06 2:59 p.m., 76 views

avro-oom-compression-poc

Avro Decompression Bomb PoC CWE-409 Proof of concept demons...

AI score: 5.8
Exploits: 0

RedHat Linux
added 2026/05/06 2:14 p.m., 6 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

CVSS: 7.8, AI score: 7.2, EPSS: 0.96775
Exploits: 227, References: 14

RedHat Linux
added 2026/05/06 1:54 p.m., 13 views

Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.3 release

Red Hat build of OpenTelemetry 3.9.3 has been released. This release of the Red Hat build of OpenTelemetry provides security improvements. Breaking changes: None. Deprecations: None. Technology Preview features: None. Enhancements: None. Bug fixes: TOCTOU race condition in libcap cap_set_file function i...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00685
Exploits: 1, References: 7