771 matches found
postMessaged and Compromised
At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient authentication checks in the client and server processes. An attacker can gain unauthorized access to sensitive data by establishing a connection without proper certificate validation or...
IBM 2025 Cost of a Data Breach Report: Lessons for API and AI Security
IBM’s 2025 Cost of a Data Breach Report offers one of the clearest and most comprehensive views yet of how AI adoption is shaping the security landscape. While breach numbers are relatively low – only 13% of organizations reported breaches involving AI models or applications – the report reveals ...
It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug
A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device...
The vulnerability of PackageKit for macOS operating systems, which allows a hacker to trigger a service failure.
The vulnerability of PackageKit for macOS operating systems is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to cause service failures...
Encryption Made for Police and Military Radios May Be Easily Cracked
Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in...
AI wrote my code and all I got was this broken prototype
Welcome to this week's edition of the Threat Source newsletter. Vulnerabilities within software are a persistent challenge. Software engineers inadvertently tend to make the same mistakes repeatedly, with the same entries appearing in the annual top 25 list of Common Weakness Enumerations each...
The vulnerability of the Framework component in Android operating systems, which allows a hacker to increase their privileges
The vulnerability of the Framework component in Android operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 July 2025 CPU: Security fixes: CVE-2025-30749: several scenarios can lead to heap corruption bsc1246595 CVE-2025-30754: incomplete handshake may lead to weakening TLS protections bsc1246598...
The vulnerability of the microprogrammed software of D-Link DIR-823-Pro wireless routers allows a intruder to gain unauthorized access to Telnet services.
The vulnerability of D-Link DIR-823-Pro wireless routers’ microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to Telnet services...
An Empirical Study on Virtual Reality Software Security Weaknesses
Virtual Reality VR has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681 software security weaknesses to understand: what types of...
PT-2025-29824
Name of the Vulnerable Software and Affected Versions Plack-Middleware-Session versions prior to 0.35 Description The default session ID generator in Plack-Middleware-Session for Perl uses a SHA-1 hash seeded with the built-in rand function, the epoch time, and the process ID PID. The PID...
CVE-2025-30744
...
AlmaLinux 9 : libxml2 (ALSA-2025:10699)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10699 advisory. libxml: Heap use after free UAF leads to Denial of service DoS CVE-2025-49794 libxml: Type confusion leads to Denial of service DoS CVE-2025-49796 libxml...
CVE-2025-7381
CVE-2025-7381 affects Mautic-related Docker images and the PHP base image: an information-disclosure flaw where the X-Powered-By header reveals the PHP version, enabling server fingerprinting. Root cause is PHP’s expose_php behavior; attack surface is the header exposure rather than code executio...
The vulnerability of the Oracle Solaris operating system’s file system allows a perpetrator to gain full control over the application.
The vulnerability of the Oracle Solaris operating system’s file system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...
Can Large Language Models Automate the Refinement of Cellular Network Specifications?
Cellular networks serve billions of users globally, yet concerns about reliability and security persist due to weaknesses in 3GPP standards. However, traditional analysis methods, including manual inspection and automated tools, struggle with increasingly expanding cellular network specifications...
The vulnerability of Notepad++ installer allows a hacker to elevate their privileges and write arbitrary files.
The vulnerability of the Notepad++ text editor is related to deficiencies in access control, resulting from uncontrolled access to search paths. Exploiting this vulnerability can allow attackers to enhance their privileges and write arbitrary files...
The vulnerability of the Mattermost instant messaging application, related to deficiencies in authentication procedures, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Mattermost instant messaging application is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...