47 matches found
CVE-2026-46844
...
epa4all-client: TLS Certificate Validation Disabled in Production
Impact: An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient identifiers (KVNR), SMC-B card operations (authentication, signing), document content, and credential...
CVE-2025-62316
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a globa...
Unify now or pay later: New research exposes the operational cost of a fragmented SOC
Security operations are entering a pivotal moment: the operating model that grew around network logs and phishing emails is now buckling under tool sprawl, manual triage, and threat actors that outpace defender capacity. New research from Microsoft and Omdia shows just how heavy the burden can...
Enhancing Security Awareness with Cyber Risk Exposure Management
Learn how to strategically tackle human risk for smarter prioritization and lasting behavioral change...
Enhancing security awareness with cyber risk exposure management
Learn how to strategically tackle human risk for smarter prioritization and lasting behavioral change...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +149 more potentially affected by CVE-2025-14082 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.4.7)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.1.7 and more Source cves: CVE-2025-14082 Source advisory: OSV:GHSA-6Q37-7866-H27J...
EUVD-2019-6652
Malware in sbrugna...
EUVD-2014-0035
Malware in sbrugna...
EUVD-2023-31811
Malicious code in bioql PyPI...
EUVD-2022-28656
Malicious code in bioql PyPI...
EUVD-2022-7245
Malicious code in bioql PyPI...
EUVD-2023-31735
Malicious code in bioql PyPI...
CVE-2021-44838
An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies...
CTEM + CREM: Aligning Your Cybersecurity Strategy
Cyber threats evolve daily, and organizations need to move beyond traditional security approaches to stay ahead. That’s why Continuous Threat Exposure Management (CTEM), a concept introduced by Gartner, has been gaining traction. CTEM isn’t just another cybersecurity buzzword; it’s a structured,...
Secure Your Attack Surface: Key Findings from IDC's 2024 Spotlight Report
Rapid7 recently collaborated with IDC on their comprehensive Attack Surface Management Spotlight guide. These Spotlight publications deliver expert analyst perspectives on critical business and technology challenges, emerging industry trends, and innovative solutions. We're pleased to share IDC...
CVE-2022-39395
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and...
A vulnerability in the PKIAuthenticationPlugin plugin for the Apache Solr search server allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the PKIAuthenticationPlugin plugin for the Apache Solr search server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected...