9 matches found
CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives
Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...
CVE-2025-64173
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 and below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...
CVE-2025-64173
CVE-2025-64173 affects Apollo Router Core (Rust) in versions 1.61.11 and earlier and 2.0.0-alpha.0 through 2.8.1-rc.0. The vulnerability stems from incorrect handling of access control directives on interface types/fields and their implementing object types/fields, causing unauthenticated queries...
PT-2025-45381
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions 1.61.12-rc.0 through 1.61.12 and 2.8.1-rc.0 through 2.8.1. Description: Apollo Router Core, a Rust graph router for Apollo Federation 2, had a flaw where access control directives, specifically @authenticated,...
White House Hires First Federal CISO
The White House announced yesterday it has hired retired Brigadier General Gregory J. Touhill, right, to serve as the first federal chief information security officer. Touhill will be responsible for setting policies, strategies and practices across federal agencies. According to a White House bl...
DHS Announces Cyber Incident Reporting Information
The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting cyber incidents to the Federal Government. This communication follows the recent release of Presidential Policy Directive 41 (PPD-41), United States Cyber Incident Coordination, which...
Trump Comments Straddle Line of Soliciting Computer Crime
Donald Trump may have left himself an out today when he urged Russian hackers to find 30,000 emails deleted by Hillary Clinton from her private server. “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said during a press conference in Florida. “I...
Attributing Advanced Attacks Remains Challenge For Researchers
Amid the connections being made between the Russian government and the attack on the Democratic National Committee (DNC), researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s...
Fedora 19 : mediawiki-1.23.7-1.fc19 (2014-16020)
http://www.mediawiki.org/wiki/Releasenotes/1.23 MediaWiki 1.23.7 - bug 66776, bug 71478 SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done...