WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as...

EUVD-2020-27313

Malware in sbrugna...

EUVD-2023-32925

Malicious code in bioql PyPI...

EUVD-2024-1894

Malicious code in bioql PyPI...

EUVD-2025-19066

Malicious code in bioql PyPI...

EUVD-2023-40379

Malicious code in bioql PyPI...

CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

GHSA-VHGQ-R8GX-5FPV Ibexa Admin UI assets XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

CVE-2005-4759

BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages...

PT-2025-13894

Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.4 Description The issue allows an app to potentially access protected user data due to inadequate checks. This has been addressed with improved checks. Recommendations For versions prior to 15.4, update to macOS...

New Microsoft 365 Phishing Scam Tricks Users Into Calling Fake Support

New Microsoft 365 phishing scam exploits fake support numbers to steal credentials. Learn how attackers bypass security and how to stay protected...

Linux Distros Unpatched Vulnerability : CVE-2024-37891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to...

CVE-2024-37164

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...

How Garmin watches reveal your personal data, and what you can do

TL;DR A walk-through of obtaining sensitive data from a Garmin watch using forensic techniques How digital forensics on a Garmin watch helped solve a double murder case A comparison of Garmin's privacy with other brands including Fitbit, Apple, and Samsung Understand the security and privacy...

CVE-2024-50349

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...

“Simply staggering” surveillance conducted by social media and streaming services, FTC finds

The US Federal Trade Commission FTC released a report that examines the data collection and use practices of major social media and video streaming services, finding that—and this will not come as a surprise to our regular readers—the companies engaged in vast surveillance of consumers in order t...

Polyfill Library Injected with Malware Impacting 100,000 Websites

A trusted JavaScript library, Polyfill.io, became a malware delivery system. Security experts exposed the attack and the potential consequences for website visitors. Learn how this supply chain attack highlights the importance of web development security and what steps developers can take to...

XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

Impact It is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. No...

CVE-2024-0436

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

IBM Trusteer Code Issue Vulnerability

IBM Trusteer is a suite of security solutions from International Business Machines IBM focused on providing security tools for cybercrime prevention and end-user protection. IBM Trusteer has a code issue vulnerability that stems from the presence of certain undisclosed issues that could allow fil...