2625 matches found
EUVD-2026-36095
Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance...
Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps
The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance...
Enhanced License Plate Tracking
The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers ALPRs that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and...
Malicious code in sysnu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...
MAL-2026-5617 Malicious code in sysnu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...
Malicious code in sensivity (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef8c17866ac1aee489e207f2a4cdb2eefbd17336edd0398b34c40ee5c69a8ef5 On require/import package main is launcher.js with no install hook, the package performs the following without consent: 1 Persistence — runs PowerShe...
MAL-2026-5558 Malicious code in sensivity (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef8c17866ac1aee489e207f2a4cdb2eefbd17336edd0398b34c40ee5c69a8ef5 On require/import package main is launcher.js with no install hook, the package performs the following without consent: 1 Persistence — runs PowerShe...
Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick
US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools...
CVE-2026-49822 Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger KWT in their own namespace was able to establish a persistent...
CVE-2026-49822
CVE-2026-49822 affects the Fission framework (Kubernetes-native serverless) prior to version 1.24.0. A low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace could establish a persistent surveillance channel into other namespaces, enabling cross-namespace e...
Mapping Every Flock License Plate Reader Near US World Cup Stadiums
Most US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? These maps will help you...
Soccer Fans, You’re Being Watched
From anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of surveillance tech. Here’s what you need to know...
PT-2026-48504
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. A flaw exists where a low-privilege developer with permissions to creat...
Meta’s face-recognition code raises new concerns about smart glasses
Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,” into its Meta AI companion app, which powers the company’s smart glasses. The code was not...
CVE-2024-47272
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...
CVE-2024-47267
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...
CVE-2024-47270
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...
CVE-2024-47268
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
CVE-2024-47271
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
CVE-2024-47269
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...