symfony/ux-icons XSS via unsanitized SVG content in local files and Iconify on-demand responses

Description The uxicon Twig function is marked issafe='html', so Twig never escapes its output. Icon::toHtml inlines the SVG source verbatim into the page. Browsers execute elements and on event-handler attributes found inside inline SVG, making any unsanitized icon a vector for cross-site...

CVE-2026-32607 Discourse: Stored XSS via unescaped assignee name

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

PT-2026-7190

Tanium addressed an arbitrary file deletion vulnerability in end-user-cx...

Building a Transparent Keyserver

Today, we are going to build a keyserver to lookup age public keys. That part is boring. What’s interesting is that we’ll apply the same transparency log technology as the Go Checksum Database to keep the keyserver operator honest and unable to surreptitiously inject malicious keys, while still...

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak...

EUVD-2017-11837

Malware in sbrugna...

EUVD-2021-26346

Malware in sbrugna...

EUVD-2014-6436

Malware in sbrugna...

EUVD-2020-19366

Malware in sbrugna...

EUVD-2017-14116

Malware in sbrugna...

Selecting Cybersecurity Requirements: Effects of LLM Use and Professional Software Development Experience

This study investigates how access to Large Language Models LLMs and varying levels of professional software development experience affect the prioritization of cybersecurity requirements for web applications. Twenty-three postgraduate students participated in a research study to prioritize...

EUVD-2024-2951

Malicious code in bioql PyPI...

Generative Engine Optimisation: What It Is and Why You Need an Agency for It

As digital marketing keeps changing, staying ahead means adopting the latest strategies that enhance online visibility and user…...

Malicious code in ux-aspects (npm)

The package ux-aspects was found to contain malicious code...

MAL-2025-38022 Malicious code in ux-aspects (npm)

The package ux-aspects was found to contain malicious code...

Human-Centred AI in FinTech: Developing a User Experience (UX) Research Point of View (PoV) Playbook

Advancements in Artificial Intelligence AI have significantly transformed the financial industry, enabling the development of more personalized and adaptable financial products and services. This research paper explores various instances where Human-Centred AI HCAI has facilitated these...

A week with a "smart" car

Welcome to this week's edition of the Threat Source newsletter. June 9 was Whit Monday -- a bank holiday here in Germany -- so I decided to take the whole week off. It turned out to be the perfect opportunity to try out a brand new car. Little did I know, I was about to get a crash course in mode...

Description of the security update for SharePoint Enterprise Server 2016: June 10, 2025 (KB5002732)

Description of the security update for SharePoint Enterprise Server 2016: June 10, 2025 KB5002732 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2025:01813-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01813-1 advisory. Update to Mozilla Thunderbird 128.10.2 MFSA 2025-40, bsc1243303: Security fixes: - CVE-2025-491...

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2025:01660-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01660-2 advisory. Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender...