Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise

You don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned...

An Ultra-Sub-Wavelength Microwave Polarization Switch Implemented with Directed Surface Acoustic Waves in a Magnonic Crystal

The ability to switch the polarization of a transmitted electromagnetic wave from vertical to horizontal, or vice versa, is of great technological interest because of its many applications in long distance communication. Binary bits can be encoded in two orthogonal polarizations and transmitted...

India's Cyber Leaders Prepare for AI-Driven Threats

As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders in Mumbai, Delhi, and Bengaluru to address the most pressing cyber threats faci...

Qualys Recognized as The Leader in Attack Surface Management by KuppingerCole

In today’s ever-evolving security landscape, organizations face an unprecedented expansion of digital assets—and with that expansion comes a growing attack surface. We're proud to announce that Qualys has been named The Leader in the2025 KuppingerCole Leadership Compass for Attack Surface...

Heterogeneous Secure Transmissions in IRS-Assisted NOMA Communications: CO-GNN Approach

Intelligent Reflecting Surfaces IRS enhance spectral efficiency by adjusting reflection phase shifts, while Non-Orthogonal Multiple Access NOMA increases system capacity. Consequently, IRS-assisted NOMA communications have garnered significant research interest. However, the passive nature of the...

Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact

Imagine hiring a professional security team to guard your home — only to discover they’re doing so by monitoring camera feeds from only the front of the house — securing the front door but blissfully unaware of the unlocked window in the back. That’s what many organizations face today when relyin...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the ValidateSurfaceHeader function. An attacker can read data outside the intended buffer boundaries by manipulating the pcSurface2 argument. This is only exploitable if the attacker has local access to the...

CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

DEBIAN-CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

PYSEC-2025-172

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

CVE-2025-48414

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface...

CVE-2024-49383

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 38690...

CVE-2018-0899

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2018-0898

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2020-1378

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2023-41742

Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30430, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...

CVE-2023-21026

In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

CVE-2023-20956

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L...

CVE-2023-0435

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

The Windows Registry Adventure #7: Attack surface analysis

Posted by Mateusz Jurczyk, Google Project Zero In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this...