44 matches found
PINSIGHT: A Comprehensive Threat Exploration of Domain-Adaptive Wi-Fi Based PIN Code Inference
Wi-Fi signals can be exploited by adversaries as a sensing side channel to eavesdrop on physical information. By monitoring propagation effects of radio waves within the victim's environment, attackers can remotely infer sensitive information. One particularly concerning example is PIN code...
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining...
EUVD-2024-53691
Malicious code in bioql PyPI...
CVE-2025-21585
...
CVE-2025-30567
creationtimestamp| type| source ---|---|--- 2025-03-25 19:24:51+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8738 2025-03-25 21:05:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lla6dgu4zc24 2025-03-25 22:00:04+00:00| seen|...
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: k3s, temporal-fips, datadog-agent-fips, kube-logging-operator, hello-world-golang, gomplate, dive, kubernetes-event-exporter, kubebuilder, temporal-ui-server, keda-fips, govulncheck, haproxy-ingress, kube-state-metrics-fips, kustomize, cass-operator-fips-no-pvc-delet...
CVE-2024-48890
creationtimestamp| type| source ---|---|--- 2025-01-14 14:17:52+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpgwyuidj2r 2025-01-14 15:39:39+00:00| seen| https://t.me/cvedetector/15255 2025-01-14 16:28:27+00:00| seen|...
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: k3s, kube-logging-operator, hello-world-golang, haproxy-ingress, kube-fluentd-operator, q, protoc-gen-go, nri-jmx, kubernetes-csi-driver-hostpath, paranoia, tigera-operator, nri-kafka, prometheus-postgres-exporter-fips, kafkaexporter, gobump, kubevela,...
Security Testing: Types, Tools, and Best Practices
Opening Note: Understanding the Core Concepts of Security Analysis Continual developments in technology have elevated the significance of security analysis, a critical phase in software design. You can think of it as a vital diagram within the process of coding, engineered to identify and resolve...
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage
In today's fast-paced digital landscape, the widespread adoption of AI Artificial Intelligence tools is transforming the way organizations operate. From chatbots to generative AI models, these SaaS-based applications offer numerous benefits, from enhanced productivity to improved decision-making...
Mitigate threats with the new threat matrix for Kubernetes
Today, we are glad to release the third version of the threat matrix for Kubernetes, an evolving knowledge base for security threats that target Kubernetes clusters. The matrix, first released by Microsoft in 2020, was the first attempt to systematically cover the attack landscape of Kubernetes...
6 reasons MSPs need a patch management platform
Weve all heard the stories: Organizations getting breached like there's no tomorrow thanks to threat actors exploiting unpatched vulnerabilities. Likewise, weve also all heard the familiar refrain: Patch regularly! But for many businesses--including the Managed Service Providers MSPs that serve...
Introducing Qualys Context XDR: the Difference between Chaos & Clarity
In my role as a product leader, I have the pleasure of meeting security practitioners from organizations big and small, across multiple industry segments and geographies. No matter how large or small their budget or staff is, how much they’ve invested in their tech stack or how much experience th...
What is threat modeling ❓ Definition, Methods, Example
Threat modeling is a method for upgrading the security of an application, system, or business process by distinguishing objections and weaknesses, just as carrying out countermeasures to stay away from or alleviate the impacts of structure dangers. Threat modeling supports recognizing the securit...
What is Vulnerability Assessment and How to Prevent Them❓
A vulnerability assessment is an essential starting step to surveying your association’s receptiveness to security challenges, including physical and computerized security. It can likewise be portrayed as a lot of specific tests planned to recognize deficiencies in your network and its key...
GHSA-XHFX-HGMF-V6VP October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers
Impact When running on servers that are configured to accept a wildcard as a hostname i.e. the server routes any request, regardless of the HOST header to an October CMS instance the potential exists for Host Header Poisoning attacks to succeed. See the following resources for more information on...
October CMS Session ID not invalidated after logout
Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...
GHSA-7GGW-H8PP-R95R October CMS Session ID not invalidated after logout
Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Impact A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide PHP code to be execut...
GHSA-RFJC-XRMF-5VVW Privilege escalation by backend users assigned to the default "Publisher" system role
Impact Backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Patches Issue has been patched in...