34 matches found
CVE-2025-70886
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the public comment submission endpoint. An attacker can disrupt service availability by sending a specially crafted payload. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a...
Halo Security Vulnerability
Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Versions of Halo 2.22.4 and earlier contain security vulnerabilities. These vulnerabilities stem from defects in the public comment submission endpoint, which could allow remote attackers to trigger a...
CVE-2025-70886
CVE-2025-70886 affects Halo CMS version 2.22.4 and earlier. The issue allows a remote attacker to cause a denial of service by sending a crafted payload to the public comment submission endpoint. The NVD entry corroborates a denial-of-service impact from crafted payloads to the public comme...
PT-2026-7853
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...
NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering Theft and Misuse for Public Comment
The Cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST) have released an initial draft of Interagency Report (IR) 8597, Protecting Tokens and Assertions from Forgery, Theft, and Misuse, for public comment through January 30, 2026. This report ...
CISA Requests Public Comment for Updated Guidance on Software Bill of Materials
CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum...
CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)
CISA is requesting public comment on its updated guidance on Software Bill of Materials (SBOM) to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...
CISA Requests Public Comment for Draft National Cyber Incident Response Plan Update
Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan...
On Secure Voting Systems
Andrew Appel shepherded a public comment--signed by twenty election cybersecurity experts, including myself--on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it's general in nature. From the executive summary: We believe that no...
CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment
Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services:...
CISA Requests Comment on Draft Secure Software Development Attestation Form
CISA has opened a 30-day Federal Register notice to receive public comment on the draft Secure Software Development Attestation Form. CISA developed this form in coordination with the Office of Management and Budget. With the Secure Software Development Attestation Form, federal departments and...
CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment
CISA has released draft versions of two guidance documents—along with a request for comment (RFC)—that are a part of the recently launched Secure Cloud Business Applications (SCuBA) project: Secure Cloud Business Applications (SCuBA) Technical Reference Architecture (TRA); Extensible Visibility Reference...
CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment
CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close...
CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies
The U.S. government’s cybersecurity agency has issued a draft directive mandating all agencies to develop vulnerability disclosure policies, which would give ethical hackers clear guidelines for submitting bugs found in government systems. Security experts hope that the directive will light a fir...
FedRAMP Tailored program for low-risk use cloud service offerings
On February 16, the FedRAMP Project Management Office (PMO) released the new FedRAMP Tailored security controls baseline for public comment (comment period closes March 17, 2017). The new FedRAMP Tailored security controls baseline was created for Cloud Service Providers (CSPs) who have cloud service...
Mozilla Wants to Drop WoSign as Trusted CA
Mozilla has accused a Chinese Certificate Authority of back-dating SHA-1 certificates to get around restrictions barring deprecated certs from being trusted, and is ready to ban the CA for one year. The back-dating is just one of many violations derived after a lengthy investigation of WoSign and...
ISPs Sell Your Data to Advertisers, But FCC has a Plan to Protect Privacy
The Federal Communication Commission (FCC) has put forward a proposal that aims to protect Internet users' privacy. The proposal (pdf) will regulate the amount of customers’ online data the Internet Service Providers (ISPs) are able to collect and sell to the advertising companies. Currently, there is ...