131 matches found
CVE-2026-54103
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...
CVE-2026-54105
CVE-2026-54105 affects the GAO EPDS and CBCA EDS systems. The vulnerability arises from the update-profile/ API endpoint, where a remote, unauthenticated attacker can supply an arbitrary user_id and receive a JSON response containing account-specific information, including the ...
CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...
CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...
CVE-2026-54103
CVE-2026-54103 affects GAO EPDS and CBCA EDS, where the /update-profile/N endpoint does not require authentication for password changes. The vulnerability allows a remote attacker to change an arbitrary user’s password without credentials. This result is supported by the CVSS data indicating high...
PT-2026-50706
Name of the Vulnerable Software and Affected Versions: U.S. GAO Electronic Protest Docketing System (EPDS), affected versions not specified; U.S. CBCA Electronic Docketing System (EDS), affected versions not specified. Description: The U.S. Government Accountability Office (GAO) Electronic Protest Docketing...
Information Security in Small-Scale Protests: Surveillance of Ugandan Anti-EACOP Protesters
We examine the information security practices of Ugandan climate activists protesting the development of the East African Crude Oil Pipeline (EACOP). We conducted five-week fieldwork in Kampala, Uganda, which included interviews with 13 anti-EACOP activists. Through an inductive analysis, we report...
How to Protest Safely in the Age of Surveillance
Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest...
How Protesters Became Content for the Cops
The tactics behind protest policing are changing—from one of cooperation to intentional antagonism for political marketing purposes...
EUVD-2012-2706
Malware in sbrugna...
CVE-2022-50501
creationtimestamp | type | source
---|---|---
2025-10-05 16:10:30+00:00 | seen | https://bsky.app/profile/protest2025bot.bsky.social/post/3m2hidhocn22e...
EUVD-2022-24595
Malicious code in bioql PyPI...
DHS Tells Police That Common Protest Activities Are ‘Violent Tactics’
DHS is urging law enforcement to treat even skateboarding and livestreaming as signs of violent intent during a protest, turning everyday behavior into a pretext for police action...
OpenAI forced to preserve ChatGPT chats
OpenAI has protested a court order that forces it to retain its users' conversations. The creator of the ChatGPT AI model objected to the order, which is part of a copyright infringement case against it by The New York Times and other publishers. The news organizations argued that ChatGPT was...
CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root...
Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages
A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art...
Hackers Deface Russian Websites on Ukraine Invasion Anniversary
By Deeba Ahmed. A group of hackers going by the online handle of "CH01" has taken responsibility for defacing at least 32 Russian websites to mark a protest over the one-year anniversary of the Russian invasion of Ukraine. This is a post from HackRead.com. Read the original post: Hackers Deface...
Smartphones of Iran’s protest detainees targeted with spyware
By Waqas. The malware has been identified as I3mon, which can perform all kinds of spying operations. This is a post from HackRead.com. Read the original post: Smartphones of Iran’s protest detainees targeted with spyware...
How Shady Code Commits Compromise the Security of the Open-Source Ecosystem
In this blog entry, we discuss how open-source code has been subjected to protest-driven code modifications by its maintainers or backers. We also provide an analysis of what these incidents could mean for the IT industry and the open source community...
This Hacktivist Site Lets You Prank Call Russian Officials
To protest the war in Ukraine, WasteRussianTime.today auto-dials Russian government officials, connects them to each other, and lets you listen in to their confusion...