The SpaceX Pre-IPO Market: How Crypto Rails Are Opening Synthetic Access

SpaceX Pre-IPO demand is growing as crypto exchanges offer synthetic exposure to its reported $1.75T valuation without direct equity ownership...

On the Security of Research Artifacts

Research artifacts are widely shared to support reproducibility, and artifact evaluation AE has become common at many leading conferences. However, AE mainly checks whether artifacts work as claimed and can be reproduced. It largely overlooks potential security risks. Since these artifacts are...

ChatGPT, Is This Real? the Influence of Generative AI on Writing Style in Top-Tier Cybersecurity Papers

With the release of ChatGPT in 2022, generative AI has significantly lowered the cost of polishing and rewriting text. Due to its widespread usage, conference organizers instated specific requirements researchers need to adhere to when using GenAI. When asked to rewrite text, GenAI can introduce...

PT-2026-23814

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'ce venue name' CSV field in the on save changes venues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on t...

WordPress The Events Calendar plugin <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API vulnerability

Improper Authorization to Authenticated Contributor+ Event/Organizer/Venue Update/Trash via REST API vulnerability discovered by type5afe in WordPress Plugin The Events Calendar versions = 6.15.16...

CVE-2026-2694

The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'canedit' and 'candelete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with...

CVE-2026-2694 The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API

The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'canedit' and 'candelete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with...

PT-2026-22024

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions prior to 6.15.16 Description The Events Calendar plugin for WordPress is susceptible to unauthorized modification and potential loss of data. This is due to an insufficient capability check...

The Events Calendar <= 6.15.2 - Information Disclosure

The Events Calendar WordPress plugin = 6.15.2 contains an information disclosure vulnerability caused by REST endpoint exposure, letting unauthenticated attackers extract data about password-protected vendors or venues, exploit requires no authentication. id: CVE-2025-9808 info: name: The Events...

CVE-2025-9808

The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues...

CVE-2025-9808 The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure

The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues...

CVE-2025-9808

The Events Calendar WordPress plugin (versions up to and including 6.15.2) exposes information via a REST endpoint, enabling unauthenticated attackers to extract data about password-protected vendors or venues. Root cause: REST endpoint information exposure leading to information disclosure. Affe...

Malicious code in node-venues (npm)

The package node-venues was found to contain malicious code...

MAL-2025-27663 Malicious code in node-venues (npm)

The package node-venues was found to contain malicious code...

Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates

Today we released the fifth edition of Cyber Signals, spotlighting threats to large venues, and sporting and entertainment events, based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the State of Qatar’s hosting of the FIFA World...

artsandvenuesdenver.com Cross Site Scripting vulnerability OBB-2819142

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Ticketfly, Major Concert Venues Still Offline After Hack

UPDATE Ticketfly and several major venues’ services are still offline Monday morning as they struggle to recover from a major hack that have brought down their websites and disrupted several public on-sale concert tickets. Ticket distribution service Ticketfly said in a statement that it has...