64 matches found
EUVD-2018-10062
Malware in sbrugna...
EUVD-2011-4708
Malware in sbrugna...
EUVD-2025-9642
Malicious code in bioql PyPI...
CVE-2025-30744
...
CVE-2022-22547
Simple Diagnostics Agent, versions 1.0 up to version 1.57, allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits...
Exploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query
A vulnerability in Kubernetes allows remote code execution. Read how abusing Log Query can lead to a complete takeover of all Windows nodes in a cluster...
CISA: 2022 ISC Annual Review
New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%
Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alt...
Exploit for Out-of-bounds Write in Google Chrome
From: https://github.com/github/securitylab/tree/main/SecurityEx...
Medium: golang
Issue Overview: The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to...
Don’t Let Zombie Zoom Links Drag You Down
Many organizations -- including quite a few Fortune 500 firms -- have exposed web links that allow anyone to initiate a Zoom video conference meeting as a valid employee. These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely an...
New 'Deep Learning Attack' Deciphers Laptop Keystrokes with 95% Accuracy
A group of academics has devised a "deep learning-based acoustic side-channel attack" that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy. "When trained on keystrokes recorded using the video conferencing software Zoom, an accuracy of 93% was...
Eleven Vulnerabilities Patched in Royal Elementor Addons
On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations. The plugin developers responded on December 26, and we sent over the full...
Design/Logic Flaw
Simple Diagnostics Agent, versions 1.0 up to version 1.57, allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits...
Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns
Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...
XStream upgrade to 1.4.18
Problem: XStream is vulnerable to security exploits such as highlighted in the image attached. The list of CVEs can be found in https://x-stream.github.io/security.html This ticket tracks its upgrade to 1.4.18. Environment: Confluence v7.13. Workaround: Set...
Vulnerable version of XStream used in Jira Server and Data Center - CVE-2021-29505
Affected versions of Atlassian Jira Server and Data Center used versions of XStream that were vulnerable to security exploits including CVE-2021-29505 (http://x-stream.github.io/CVE-2021-29505.html). The affected versions of Jira Server and Data Center are before version 8.18.0. Affected versions:...