34 matches found
TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety
A damaging new report from Ofcom, the UK's communications regulator, has delivered a stark verdict: TikTok and YouTube's content feeds are "not safe enough" for children. This isn't just another regulatory slap on the wrist. Ofcom is putting out a wake-up call for anyone working in cybersecurity,...
EUVD-2024-53350
Malicious code in bioql PyPI...
CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
Leaky Thoughts: Large Reasoning Models Are Not Private Thinkers
We study privacy leakage in the reasoning traces of large reasoning models used as personal agents. Unlike final outputs, reasoning traces are often assumed to be internal and safe. We challenge this assumption by showing that reasoning traces frequently contain sensitive user data, which can be...
Regulating AI Behavior with a Hypervisor
Interesting research: "Guillotine: Hypervisors for Isolating Malicious AIs." Abstract: As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a...
CVE-2025-21877
In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind Syzbot reports [1] a warning in usb_submit_urb triggered by inconsistencies between expected and actually present endpoints in gl620a driver. Since genelink_bind does not properly...
Schneider Electric EcoStruxure Panel Server
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
CISA: Security and Resiliency Guide - Outdoor Events Annex
Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device
Fifteen years ago I blogged about a different SQUID. Here's an update: Fleeing drivers are a common problem for law enforcement. They just won’t stop unless persuaded--persuaded by bullets, barriers, spikes, or snares. Each option is risky business. Shooting up a fugitive’s car is one possibilit...
South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers
Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. The...
Deepfake Taylor Swift images circulate online, politicians call for laws to ban deepfake creation
Deepfake images of Taylor Swift have really made some serious waves. Explicit images of the popstar, generated by Artificial Intelligence (AI), were posted on social media and Telegram. The images were viewed millions of times. The impact of the deepfake was enormous. Social media platform X formerl...
How to lock out your ex-partner from your smart home
Stalkers can use all kinds of apps, gadgets, devices, and phones to spy on their targets, which are often their ex-partners. Unfortunately, while they no doubt have many positive uses, smart home devices give stalkers an array of tools to keep an eye on their targets. If you are the partner that...
Meta whistleblower says company has long ignored how it sexually endangers children
At a Senate hearing, a Meta whistleblower has revealed some shocking numbers around children’s experiences of its platforms. Arturo Béjar, a former engineering director at Meta, testified before the US Congress on Tuesday. Not only did he share his own daughters’ experience suffering harassment o...
PT-2023-20527 · Unknown · Quill-Mention
Name of the Vulnerable Software and Affected Versions: quill-mention versions prior to 4.0.0 Description: The issue is related to improper user-input sanitization, which can lead to Cross-site Scripting (XSS) attacks. This occurs via the renderList function. If the mentions list is sourced from...
CVE-2023-32001
Rejected reason: We issued this CVE prematurely, as we have subsequently realized that this issue points out a problem that there really are no safe measures around or protections for...
CVE-2023-35001
creationtimestamp | type | source
---|---|---
2023-07-05 22:22:05+00:00 | seen | https://t.me/cibsecurity/66000
2023-09-01 15:41:02+00:00 | published-proof-of-concept | https://t.me/CNArsenal/990
2023-09-02 07:46:01+00:00 | published-proof-of-concept | https://t.me/cKure/11481
2023-09-02 12:17:01+00:00|...
All Vulnerabilities for sisregiii.saude.gov.br Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| sisregiii.saude.gov.br ---|--- Open Bug...
Default credentials
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password...
CVE-2021-20119
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password...
CVE-2021-20119
The CVE-2021-20119 vulnerability affects the Arris SurfBoard SB8200 (DOCSIS 3.1 modem). The password change utility lets an authenticated user bypass safety checks and change the administrator password, due to an access-control issue in the password-change feature. Impact aligns with administrato...