
46 matches found

Securelist
added 2026/06/02 12:0 p.m., 19 views

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

Introduction: Mexico is one of the host countries for the 2026 FIFA World Cup, with matches to be played in three major cities: Mexico City, Monterrey, and Guadalajara. These locations are expected to see a large influx of international visitors, increasing the potential security risks. Many of...

AI score: 5.6
Exploits: 0

Packet Storm News
added 2025/12/20 12:0 a.m., 25 views

AI Code in the Wild: Measuring Security Risks and Ecosystem Shifts of AI-Generated Code in Modern Software

Large language models (LLMs) for code generation are becoming integral to modern software development, but their real-world prevalence and security impact remain poorly understood. We present the first large-scale empirical study of AI-generated code (AIGCode) in the wild. We build a high-precision...

AI score: 7.1
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-4312

Malware in sbrugna...

CVSS: 10, AI score: 9.5, EPSS: 0.01535
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-4309

Malware in sbrugna...

CVSS: 7.3, AI score: 7.5, EPSS: 0.00431
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-4307

Malware in sbrugna...

CVSS: 8.1, AI score: 8.2, EPSS: 0.00428
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 14 views

EUVD-2024-22938

Malicious code in bioql PyPI...

CVSS: 3.7, AI score: 4.9, EPSS: 0.00326
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-22558

Malicious code in bioql PyPI...

CVSS: 2, AI score: 6.6, EPSS: 0.00198
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-30181

Malicious code in bioql PyPI...

CVSS: 7.8, AI score: 7.8, EPSS: 0.01047
Exploits: 0, References: 2

NVD
added 2025/07/25 1:15 a.m., 4 views

CVE-2025-0253

HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities...

CVSS: 2.4, EPSS: 0.00198
Exploits: 0, References: 1

Vulnrichment
added 2025/07/25 12:16 a.m., 4 views

CVE-2025-0253 HCL IEM is affected by a cookie attribute not set vulnerability

HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities...

CVSS: 2, AI score: 7.1, EPSS: 0.00198
Exploits: 0, References: 1

Cvelist
added 2025/07/25 12:16 a.m., 6 views

CVE-2025-0253 HCL IEM is affected by a cookie attribute not set vulnerability

HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities...

CVSS: 2, EPSS: 0.00198
Exploits: 0, References: 1

Tenable Nessus
added 2025/06/19 12:0 a.m., 4 views

Fedora 41 : kea (2025-b870671130)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b870671130 advisory. - New version 2.6.3 rhbz2368989 - Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803 - kea.conf: Remove /tmp/ from socket-name for existing...

CVSS: 7.8, AI score: 5.6, EPSS: 0.00235
Exploits: 0, References: 4

Packet Storm News
added 2025/05/19 12:0 a.m., 7 views

An Automated Blackbox Noncompliance Checker for QUIC Server Implementations

We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations (RFC 9000/9001). QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine (FSM) representation. Unlike...

AI score: 6.9
Exploits: 0

The Hacker News
added 2025/02/10 11:0 a.m., 16 views

Don't Overlook These 6 Critical Okta Security Configurations

Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With...

AI score: 7.5
Exploits: 0

RedhatCVE
added 2025/02/05 2:14 a.m., 9 views

CVE-2024-2975

A race condition was identified through which privilege escalation was possible in certain configurations...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00389
Exploits: 0, References: 1

Veracode
added 2025/01/20 7:42 a.m., 9 views

Remote Code Execution (RCE)

Rasa is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of maliciously crafted models in Rasa, which allows an attacker to load a model remotely into a Rasa instance if certain security configurations are not in place...

CVSS: 9, AI score: 7.4, EPSS: 0.00895
Exploits: 0, References: 4, Affected Software: 2

Positive Technologies
added 2024/12/11 12:0 a.m., 6 views

PT-2024-10288 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue concerns an elevation of privilege vulnerability in Microsoft Edge. This vulnerability may allow an attacker to elevate their privileges, potentially leading...

CVSS: 7.4, AI score: 6.3, EPSS: 0.00665
Exploits: 1, References: 17

BDU FSTEC
added 2024/10/02 12:0 a.m., 5 views

The vulnerability of the PHP programming language interpreter, which allows attackers to circumvent existing security restrictions

The vulnerability of the PHP programming language interpreter is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and manipulate the PHP-FPM logs...

CVSS: 10, AI score: 6.5, EPSS: 0.00482
Exploits: 1, References: 13, Affected Software: 4

Github Security Blog
added 2024/06/06 9:27 p.m., 31 views

Unauthenticated Access to sensitive settings in Argo CD

Summary: The CVE allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. Details: Unauthenticated Access: Endpoint: /api/v1/settings. Description: This endpoint is accessible without any form of authentication as expected. All sensitive...

CVSS: 7.5, AI score: 5.4, EPSS: 0.02348
Exploits: 0, References: 5, Affected Software: 1

Microsoft Secure
added 2024/05/30 5:0 p.m., 19 views

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by different...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02089
Exploits: 0