Lucene search

126162 matches found

IBM Security Bulletins
added 2026/04/20 9:57 a.m. | 18 views

Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 2.0.0

Summary: This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. One of...

CVSS 9.1 | AI score 7.2 | EPSS 0.00522
Exploits: 3 | Affected Software: 1

Securelist
added 2026/04/20 9:22 a.m. | 8 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

AI score 5.8
Exploits: 0

Securelist
added 2026/04/20 9:1 a.m. | 5 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

AI score 5.8
Exploits: 0

IBM Security Bulletins
added 2026/04/20 8:18 a.m. | 4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)

Summary: IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node js module jsonpath. Vulnerability Details: CVEID: CVE-2026-1615. DESCRIPTION: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...

CVSS 9.8 | AI score 6 | EPSS 0.00834
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/20 6:41 a.m. | 7 views

Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary: WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...

CVSS 7.6 | AI score 6.3 | EPSS 0.0039
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/20 6:41 a.m. | 6 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Engineering Test Management are affected by cross-site scripting (CVE-2025-12635)

Summary: IBM WebSphere Application Server is affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. Following IBM® Engineering Lifecycle Management...

CVSS 5.4 | AI score 5.6 | EPSS 0.00139
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/20 6:40 a.m. | 3 views

Security Bulletin: IBM Engineering Lifecycle Management products using IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635)

Summary: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...

CVSS 5.4 | AI score 5.6 | EPSS 0.00139
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/20 6:39 a.m. | 4 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary: IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...

CVSS 9.8 | AI score 5.7 | EPSS 0.00173
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/20 6:38 a.m. | 8 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by a denial of service due to jose4j (CVE-2024-29371)

Summary: There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...

CVSS 7.5 | AI score 5.7 | EPSS 0.00244
Exploits: 1 | Affected Software: 1

EUVD
added 2026/04/20 6:31 a.m. | 10 views

EUVD-2026-23752

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

CVSS 8.2 | AI score 5.7 | EPSS 0.00209
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/04/20 5:5 a.m. | 6 views

Security Bulletin: Security vulnerability has been found in IBM Security Verify Directory (Container) used by IBM Security Verify Governance Identity Manager Adapters

Summary: IBM Security Verify Governance Identity Manager Adapters uses IBM Security Verify Directory Container. Information about security vulnerability affecting IBM Security Verify Directory Container has been published in security bulletin. Vulnerability Details: Refer to the security bulletins...

CVSS 7.2 | AI score 5.6 | EPSS 0.0034
Exploits: 0 | Affected Software: 1

NVD
added 2026/04/20 4:16 a.m. | 4 views

CVE-2026-32959

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

CVSS 8.2 | EPSS 0.00209
Exploits: 0 | References: 3

The Hacker News
added 2026/04/20 3:35 a.m. | 10 views

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence AI tool, that was used by an employee at the...

AI score 5.7
Exploits: 0

Cvelist
added 2026/04/20 3:18 a.m. | 31 views

CVE-2026-32959

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

CVSS 8.2 | EPSS 0.00209
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/20 3:18 a.m. | 4 views

CVE-2026-32959

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

CVSS 8.2 | AI score 5.7 | EPSS 0.00209
Exploits: 0 | References: 3

CVE
added 2026/04/20 3:18 a.m. | 14 views

CVE-2026-32959

CVE-2026-32959 concerns SD-330AC and AMC Manager from silex technology, Inc. and describes use of a broken or risky cryptographic algorithm, enabling information in network traffic to be retrieved via a man‑in‑the‑middle attack. The description does not specify exact affected versions, affected c...

CVSS 8.2 | AI score 5.7 | EPSS 0.00209
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/04/20 3:18 a.m. | 3 views

CVE-2026-32959

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

CVSS 8.2 | AI score 5.7 | EPSS 0.00209
Exploits: 0 | References: 4 | Affected Software: 2

Positive Technologies
added 2026/04/20 12:0 a.m. | 7 views

PT-2026-33829

Name of the Vulnerable Software and Affected Versions: Amazon AWS Encryption SDK for Python versions prior to 3.3.1; Amazon AWS Encryption SDK for Python versions prior to 4.0.5. Description: A cryptographic algorithm downgrade in the caching layer may allow an authenticated local threat actor to...

CVSS 5.7 | AI score 5.7 | EPSS 0.00096
Exploits: 0 | References: 11

Positive Technologies
added 2026/04/20 12:0 a.m. | 5 views

PT-2026-33697

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

CVSS 8.2 | AI score 5.7 | EPSS 0.00209
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/20 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2025-14813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is...

CVSS 9.3 | AI score 5.8 | EPSS 0.00115
Exploits: 0 | References: 3