Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-hj2p-8wj8-pfq4: kubernetes allows nodes to bypass dynamic resource allocation authorization checks

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.

ghsa
Open in Source
#vulnerability#kubernetes#perl#auth
Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

Last month, Telegram banned black markets that sold tens of billions of dollars in crypto scam-related services. Now, as those markets rebrand and bounce back, it’s done nothing to stop them.

Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content

Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place. "Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic

GHSA-wxj7-3fx5-pp9m: MLFlow SSRF via gateway_proxy_handler

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025. Stating that the ongoing conflict has created a "heightened threat environment" in the country, the Department of Homeland Security (DHS) said in a bulletin that cyber actors are likely to

Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist

The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners.

A CISO's AI Playbook

In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship.

XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks

Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025. The attack chains are said to have leveraged a collection of Windows shortcut (LNK) files as part of a multi-stage procedure to deploy the malware, French cybersecurity company HarfangLab said. XDSpy is the name assigned to a cyber

Fake DMV Texts Scam Hit Thousands in Widespread Phishing Campaign

A series of fraudulent text messages impersonating state Departments of Motor Vehicles (DMVs) has spread throughout the United…