Latest News

### Impact During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was identified in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability affects **only** installations where the editor configuration meets the following criteria: 1. The [**Block Toolbar**](https://ckeditor.com/docs/ckeditor5/latest/getting-started/setup/toolbar.html#block-toolbar) plugin is enabled. 1. One of the following plugins is also enabled: - [**General HTML Support**](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html) with a configuration that permits unsafe markup. - [**HTML Embed**](https://ckeditor.com/docs/ckeditor5/latest/features/html/html-embed.html). ### Patches The problem has been recognized and...

Though the critical vulnerability was patched in August, Ivanti is reminding customers to update as soon as possible as attacks from unauthenticated threat actors start circulating.

While these threats remain a valid concern, US government agencies have doubled down on their assurances to the American public that election infrastructure is secure.

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch

The advanced Python-based PysSilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.

DragonForce ransomware is expanding its RaaS operation and becoming a global cybersecurity threat against businesses. Companies must implement…

Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' consent. "Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites," noyb said

To maintain AI leadership, Congress and regulatory agencies must recognize that our foreign competitors are working to surpass us.