44 matches found
EVMbench: Evaluating AI Agents on Smart Contract Security
Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in way...
A Strategic Response to the F5 BIG-IP Nation-State Breach 2025
In mid-October 2025, the cybersecurity landscape was dealt a severe blow. F5 disclosed a long-term, sophisticated breach by a nation-state threat actor. This incident exposed critical F5 BIG-IP vulnerabilities and triggered heightened scrutiny across enterprise edge infrastructure. This was not a...
EUVD-2000-1058
Malware in sbrugna...
Mozilla Thunderbird ESR Security Update (mfsa_2025-78) - Mac OS X
Mozilla Thunderbird ESR is prone to multiple vulnerabilities...
ALSA-2025:10670 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: Fix use after free in hci_send_acl (CVE-2022-49111); kernel: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is...
SUSE SLES12 Security Update : kernel (Live Patch 66 for SLE 12 SP5) (SUSE-SU-2025:01908-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01908-1 advisory. This update for the Linux Kernel 4.12.14-122250 fixes several issues. The following security issues were fixed: - CVE-2024-57996: net_sched:...
pcs security update
0.10.18-2.0.1.el810.5 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.5 - Fixed CVE-2024-52804 by patching bundled Tornado Resolves: RHEL-93167 - Fixed CVE-2025-46727 by updating bundled rubygem rack Resolves: RHEL-90147...
CVE-2024-44950 affecting package kernel for versions less than 6.6.64.2-9
CVE-2024-44950 affecting package kernel for versions less than 6.6.64.2-9. A patched version of the package is available...
CVE-2025-21556
creationtimestamp | type | source
---|---|---
2025-01-21 21:01:09+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2480
2025-01-21 21:19:08+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqqrfuh2t
2025-01-21 21:48:58+00:00 | seen | ...
RHSA-2025:0132 Red Hat Security Advisory: firefox security update
Bulletin has no description...
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an...
Important: Red Hat Security Advisory: RHACS 4.4 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base...
SUSE-SU-2024:1301-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.12.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
Earth Krahang APT Campaign Targeting Global Governments
Summary: Earth Krahang, an APT campaign since 2022, targets global government entities, employing spear phishing and server exploitation tactics. Operating independently but with potential links to Chinese threat actors, it utilizes malware like Cobalt Strike and XDealer for espionage, urging...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...
Decentralize Remediation Efforts to Gain More Efficiency with InsightVM
Let’s talk about the reality of the remediation process today. We know it is often a cumbersome and time-consuming process, and it can be challenging for a Security team to work with IT Operations and Development teams, servicing many assets and owners. There isn’t a vulnerability management team...
OPENSUSE-SU-2020:1178-1 Security update for go1.13
This update for go1.13 fixes the following issues: - go1.13 was updated to version 1.13.5 - CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). This update was imported from the SUSE:SLE-15:Update update project...
tableau.msu.montana.edu Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1149105 Security Researcher OakdaleHutch Helped patch 26 vulnerabilities Received 1 Coordinated Disclosure badges , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting tableau.msu.montana.edu website and its users...
linternaute.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1148460 Security Researcher cmdsec Helped patch 46 vulnerabilities Received 1 Coordinated Disclosure badges , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting linternaute.com website and its users. Following...
quixpal.ecrater.co.uk Open Redirect vulnerability
Open Bug Bounty ID: OBB-1145715 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting quixpal.ecrater.co.uk website and its users. Followi...