Lucene search

15 matches found

RedhatCVE
added 2026/03/25 2:35 p.m., 1 view

CVE-2026-23354

A flaw was found in the Linux kernel. This vulnerability affects the handling of speculative execution, a technique used by modern processors to improve performance. A protection mechanism intended to prevent information leakage can be bypassed when its result is temporarily stored in memory,...

CVSS 3.3 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/20 12:00 a.m., 4 views

PT-2026-21251

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

CVSS 8.2 | AI score 5.4 | EPSS 0.00111
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/21 9:22 p.m., 2 views

CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, ha...

CVSS 9.3 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/09 10:52 a.m., 13 views

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

CVSS 5.3 | AI score 6.8 | EPSS 0.00431
Exploits: 0 | References: 1
Packet Storm News
added 2025/08/05 12:00 a.m., 2 views

Attack the Messages, Not the Agents: a Multi-Round Adaptive Stealthy Tampering Framework for LLM-MAS

Large language model-based multi-agent systems (LLM-MAS) effectively accomplish complex and dynamic tasks through inter-agent communication, but this reliance introduces substantial safety vulnerabilities. Existing attack methods targeting LLM-MAS either compromise agent internals or rely on direct...

AI score 7.4
Exploits: 0
The Hacker News
added 2022/11/19 1:30 p.m., 17 views

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...

AI score 0.9
Exploits: 0
Prion
added 2022/10/19 8:15 a.m., 13 views

Default credentials

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

CVSS 5 | AI score 5.2 | EPSS 0.00431
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/10/19 12:00 a.m., 73 views

CVE-2022-42467

Summary of affected component: Apache Isis h2 webconsole module in prototype mode. Vulnerability mechanism: The webconsole is automatically available in prototype mode, enabling direct database queries; safeguards require explicit enablement via configuration. Root cause/mitigation details: Since...

CVSS 5.3 | AI score 5.1 | EPSS 0.00431
Exploits: 0 | References: 2 | Affected Software: 1
The Hacker News
added 2022/09/06 6:47 a.m., 54 views

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to...

AI score 0.5
Exploits: 0
Rapid7 Blog
added 2021/12/09 2:15 p.m., 16 views

2022 Planning: Simplifying Complex Cybersecurity Regulations

Compliance does not equal security, but it’s also true that a strong cybersecurity program meets many compliance obligations. How can we communicate industry regulatory requirements in a more straightforward way that enhances understanding while saving time and effort? How can we more easily...

AI score 1.1
Exploits: 0
Malwarebytes
added 2019/02/28 4:00 p.m., 143 views

Key considerations for building vs. buying identity access management solutions

Time and time again, organizations learn the hard way that no matter which security solutions they have in place, if they haven’t properly secured the end user, their efforts can be easily rendered moot. The classic slip-up most often associated with end-user-turned-insider-threat is falling for ...

AI score 0.2
Exploits: 0
ThreatPost
added 2014/11/21 9:52 a.m., 10 views

WordPress 4.0.1 Cross-Site Scripting Vulnerability Patch

WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software. An attacker would need only to inject malicious JavaScript into a comment that would infect a reader viewing it on the webpag...

AI score 5.8
Exploits: 0 | References: 3
ThreatPost
added 2014/11/14 12:39 p.m., 7 views

Apple Offers Lukewarm Response to Masque Vulnerability

Apple said it is not aware of any customers affected by the Masque vulnerability disclosed earlier this week, and made no mention of a timeline when it might release an update patching the security hole. Masque is a vulnerability in iOS 7.1.1 and up that puts Apple mobile devices at risk to malwa...

AI score 0.1
Exploits: 0 | References: 5
ThreatPost
added 2012/09/20 1:52 a.m., 23 views

Sprint Responds to Developer's Disclosure of Virgin Mobile Security Shortcoming

A Sprint spokeswoman today responded to a software developer’s claim that millions of Virgin Mobile users are vulnerable to attacks due to inadequate authentication mechanisms. In an email sent to Computerworld, Stephanie Vinge Walsh said Virgin Mobile, a subsidiary of Sprint, has multiple...

AI score 0.9
Exploits: 0 | References: 2
ThreatPost
added 2011/01/07 3:15 p.m., 11 views

Mac App Store Safeguards Bypassed, Opening Up Pirated Apps

Just a day after Apple introduced its Mac App Store, some users already have found a way around the DRM system designed to ensure that they have paid for the apps that they’re using. The technique seems to work only on apps that don’t correctly implement the method for checking the App Store...

AI score 0.2
Exploits: 0 | References: 2