Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-29828: Windows Schannel Remote Code Execution Vulnerability

Use after free in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.

Microsoft Security Response Center
#vulnerability#windows#rce#auth#Windows Cryptographic Services#Security Vulnerability
CVE-2025-32713: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical

How LMS Software Supports Secure Online Employee Learning

Explore how learning management systems (LMS) software supports safe online learning, protects employee data, and ensures compliance in…

GHSA-826p-4gcg-35vw: GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling

### Summary GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. ### Impact This impacts whoever exposes XML processing with ``gt-xsd-core`` involved in parsing, when the documents carry a reference to an external XML schema. The ``gt-xsd-core`` Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of ``gt-wfs-ng`` DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. ### Resolution GeoTools API change allows EntityResolver to be supplied to the following methods: ```java Schemas.parse( location, locators, resolvers, uriHandlers, entityResolver); Schemas.findSchemas(Configuration configuration, EntityResolver entityResolver); ``` With this API change the `gt-wfs-ng` WFS DataStore ENTITY_RESOLVER parameter is now used. ### Reference * [GHSA-jj54-8f66-c5pc](https://github.com/geoserver/geoser...

The Dangerous Truth About the ‘Nonlethal’ Weapons Used Against LA Protesters

While they can cause serious injuries, “nonlethal” weapons are regularly used in the United States to disperse public demonstrations, including at the recent ICE protests in Los Angeles.

New Trump Cybersecurity Order Reverses Biden, Obama Priorities

The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government's cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.

GHSA-f5xg-cfpj-2mw6: taro-css-to-react-native Regular Expression Denial of Service vulnerability

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.