EUVD-2025-7789
Malicious code in bioql PyPI...
Inside Job: Defending Kubernetes Clusters against Network Misconfigurations
Kubernetes has emerged as the de facto standard for container orchestration. Unfortunately, its increasing popularity has also made it an attractive target for malicious actors. Despite extensive research on securing Kubernetes, little attention has been paid to the impact of network configuratio...
CVE-2025-27518
Cognita is a RAG (Retrieval Augmented Generation) framework for building modular, open source applications for production by TrueFoundry. An insecure CORS configuration in the Cognita backend server allows arbitrary websites to send cross-site requests to the application. This vulnerability is fixe...
Talos IR trends Q3 2024: Identity-based operations loom large
Threat actors are increasingly conducting identity-based attacks across a range of operations that are proving highly effective, with credential theft being the main goal in a quarter of incident response engagements. These attacks were primarily facilitated by living-off-the-land binaries LoLBin...
Optimizing a Web Application Security Scan for bWAPP
Today almost all organizations have an online presence, with more information accessible at the click of a mouse, making customer experiences much more frictionless. Yet the delivery of great experiences also opens the door to potential hackers intent on compromising the website and its APIs...
Vulnerability Research Highlights 2021
At SonarSource we are constantly improving our code analyzers to help developers write Clean Code. The detection of severe code vulnerabilities plays an important role in this process so that applications are protected from attacks and security breaches. For this same reason, our research team...
Combodo iTop Cross-Site Scripting Vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iTop...
Combodo iTop Code Issue Vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management functions. A code issue vulnerability exists in Combodo iTop...
CHIP — The World's First $9 Computer
Wait! What? A $9 computer? This is something magical. A Californian startup led by Dave Rauchwerk is currently seeking crowdfunding on Kickstarter to create a computer that will cost as little as $9 or £6. The new microcomputer, dubbed CHIP, is a tiny, Linux-based, super-cheap computer that's...
Netflix Releases FIDO Incident Response Tool
Engineers at Netflix have released another one of the company’s bespoke security tools as an open-source application, this time an incident-response system known as FIDO. The tool is designed to help automate the process of incident response, and specifically it acts as a new layer that helps tie...