
24 matches found

Packet Storm News
added 2026/04/21 12:0 a.m., 3 views

API Security Based on Automatic OpenAPI Mapping

This paper presents Map Reduce Graph (MRG), a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and...

AI score 5.7
Exploits: 0

RedhatCVE
added 2026/03/26 3:1 p.m., 2 views

CVE-2026-33421

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions readUserFields and pointerFields. Any...

CVSS 7.1, AI score 5.7, EPSS 0.00012
Exploits: 0, References: 1

OSV
added 2026/03/24 6:14 p.m., 2 views

CVE-2026-33421 Parse Server: LiveQuery bypasses CLP pointer permission enforcement

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions readUserFields and pointerFields. Any...

CVSS 7.1, AI score 5.7, EPSS 0.00012
Exploits: 0, References: 7

RedhatCVE
added 2026/02/13 1:30 a.m., 6 views

CVE-2025-68663

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates aft...

CVSS 6.9, AI score 5.4, EPSS 0.00054
Exploits: 0, References: 1

CVE
added 2026/02/11 8:29 p.m., 3 views

CVE-2025-68663

Outline before version 1.1.0 contains a vulnerability in its WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after suspension. The issue is fixed in 1.1.0. CVSS metadata in...

CVSS 6.9, AI score 5.4, EPSS 0.00054
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/02/11 12:0 a.m., 2 views

Outline Authorization Issue Vulnerability

Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.1.0 had issues with authorization vulnerabilities. These vulnerabilities stemmed from defects in the WebSocket authentication mechanism, which could allow suspended users to maintain or establish real-time...

CVSS 6.9, AI score 5.8, EPSS 0.00054
Exploits: 0, References: 2

Packet Storm News
added 2025/12/04 12:0 a.m., 2 views

A Practical Honeypot-Based Threat Intelligence Framework for Cyber Defence in the Cloud

In cloud environments, conventional firewalls rely on predefined rules and manual configurations, limiting their ability to respond effectively to evolving or zero-day threats. As organizations increasingly adopt platforms such as Microsoft Azure, this static defense model exposes cloud assets to...

AI score 6.8
Exploits: 0

CVE
added 2025/10/13 8:59 p.m., 7 views

CVE-2025-62175

Mastodon has a vulnerability in streaming API handling: in versions < 4.4.6, < 4.3.14, and

CVSS 4.3, AI score 6.3, EPSS 0.00059
Exploits: 0, References: 2, Affected Software: 1

Circl
added 2025/07/08 4:21 p.m., 7 views

CVE-2025-3648

creationtimestamp | type | source
---|---|---
2025-07-08 16:21:39+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114818527951888809
2025-07-08 17:33:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lththhxrdw2i
2025-07-10 05:24:00+00:00 | seen | ...

CVSS 8.2, AI score 5.1, EPSS 0.00306
Exploits: 0, References: 36

Packet Storm News
added 2025/05/22 12:0 a.m., 3 views

LLM Access Shield: Domain-Specific LLM Framework for Privacy Policy Compliance

Large language models (LLMs) are increasingly applied in fields such as finance, education, and governance due to their ability to generate human-like text and adapt to specialized tasks. However, their widespread adoption raises critical concerns about data privacy and security, including the risk...

AI score 6.6
Exploits: 0

Wordfence Blog
added 2025/04/17 1:57 p.m., 33 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)

In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 352 vulnerabilities disclosed in 310 WordPress...

CVSS 10, AI score 10, EPSS 0.83531
Exploits: 27

Wordfence Blog
added 2024/09/05 2:31 p.m., 61 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...

CVSS 10, AI score 9.5, EPSS 0.79319
Exploits: 8

Wordfence Blog
added 2024/08/29 1:48 p.m., 80 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...

CVSS 10, AI score 9.8, EPSS 0.94173
Exploits: 52

Wordfence Blog
added 2024/02/22 2:19 p.m., 69 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...

CVSS 7.5, AI score 9.2, EPSS 0.93876
Exploits: 22

Hive Pro Threat Advisories
added 2023/10/20 12:47 p.m., 48 views

A Longstanding Zero-Day in Citrix Devices Exploited Since August

Summary: A zero-day exploit, identified as CVE-2023-4966, has been actively targeting critical vulnerabilities in Citrix NetScaler ADC/Gateway devices since late August 2023. This exploit has the potential...

CVSS 5, AI score 7.3, EPSS 0.94348
Exploits: 15

Kitploit
added 2023/07/25 1:14 p.m., 24 views

Wallet-Transaction-Monitor - This Script Monitors A Bitcoin Wallet Address And Notifies The User When There Are Changes In The Balance Or New Transactions

This script monitors a Bitcoin wallet address and notifies the user when there are changes in the balance or new transactions. It provides real-time updates on incoming and outgoing transactions, along with the corresponding amounts and timestamps. Additionally, it can play a sound notification o...

AI score 7.3
Exploits: 0, References: 1

Hive Pro Threat Advisories
added 2023/04/03 5:42 a.m., 19 views

Hive Pro Unveils Enhanced Version of HivePro Uni5 Threat Exposure Management Platform v2.1.0

Featuring diversified deployment options, seamless tool integration, and a refined user interface. Milpitas, CA – 3rd April 2023 – Hive Pro, a prominent cybersecurity firm specializing in Threat Exposure Management, today introduced the version update v2.1.0 to its flagship HivePro Uni5 platform,...

AI score 6.6
Exploits: 0

Akamai Blog
added 2021/07/28 2:0 p.m., 49 views

Software-Defined Networking Concept Adoption at Akamai

Akamai engineering has adopted new technology concepts to enhance and expand routing capabilities at the edge. Previously, Akamai's traffic-steering capabilities were mainly focused on DNS-based routing. In this article, we would like to give you an in-depth look at how Akamai has embraced new...

AI score 6.9
Exploits: 0

Krebs on Security
added 2017/06/15 2:35 p.m., 25 views

Inside a Porn-Pimping Spam Botnet

For several months I've been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites. Having hit a wall in my research, I decided it might be good to publish what I've unearthed so far to see if this dovetails with any other research out there. In late...

AI score 6.8
Exploits: 0

CNVD
added 2016/02/24 12:0 a.m., 1 view

Drupal Nodejs Module Access Bypass Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. Node.js is one of the modules that provides real-time push updates. An access bypass vulnerability exists in the Drupal Nodejs module. This vulnerability allows attackers to...

AI score 6.9
Exploits: 0, References: 1