CVE-2026-49486 Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)
The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTP_TLS connection but never called prot_p, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...
CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...
Ambient and autonomous security for the agentic era
Over the past year, I've had countless conversations with customers who are striving to unlock human ambition with AI. They are on their journey to become Frontier Firms, where humans and agents push the boundaries of innovation and create new possibilities, empowering humans to become limitless...
The importance of hardening customer support tools against cyberattacks
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
Vulnerabilities fixed in Adobe ColdFusion
Adobe has fixed vulnerabilities in ColdFusion. A malicious party could exploit the vulnerabilities to bypass a security measure and gain access to sensitive data. Adobe has released updates to fix the vulnerabilities. See attached references for more information...
How to disable StoreFront's http communication
PT-2023-1957 · Unknown +2 · Libmemcached-Awesome +2
Name of the Vulnerable Software and Affected Versions: libmemcached-awesome versions prior to 1.1.4. Description: The issue is related to insufficient protection of service data when handling the POLL_TIMEOUT parameter, which could allow a remote attacker to gain unauthorized access to protected...
PT-2023-2220 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 15.7.8, 15.8 through 15.8.4, and 15.9 through 15.9.2. Description: An issue has been discovered in GitLab that allows a project maintainer to extract a Datadog integration API key by...
The vulnerability of AMD’s SMT processor technology, which allows a hacker to disclose protected information
The vulnerability of AMD's SMT processor technology is related to errors that occur after the processor's core exits the C0 sleep state. Exploiting this vulnerability can allow an attacker to disclose protected information, i.e., gain access to the RAP (Return Address Predictor)...
Are you still using public Wi-Fi without a VPN?
October 14th, 2022. Hi readers, October is Cybersecurity Awareness Month and the focus is on you, the user. All the privacy and security features in the world are worth nothing if we ourselves don't apply some best practices to our...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in jonschoning/espial
Description: Implement both the Secure flag and the HttpOnly flag in the application. Proof of Concept: Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...
JSON Web Token Weak Secret
JSON Web Tokens can be signed to protect against data tampering. By using an asymmetric or a symmetric signing algorithm, the application computes a signature of the token data which will be verified during token decoding to ensure its integrity. When using a symmetric algorithm, the signature is...
The vulnerability of the mod_rewrite function in the Apache Tomcat application server allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the mod_rewrite function in the Apache Tomcat application server is related to the redirection of URLs to insecure websites. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the iOS operating system, which allows a perpetrator to gain access to protected information
The vulnerability of the NSURL component of CFNetwork SSL in the iOS operating system is related to cryptographic transformation errors. Exploiting this vulnerability can allow attackers to gain access to protected information through "man-in-the-middle" attacks and with the use of specially...