Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Fake bank ads on Instagram scam victims out of money

Several Instagram ads have been found impersonating banks, including the usage of deepfake videos to defraud consumers.

Malwarebytes
Open in Source
#web#mac#git#intel#auth#sap
The importance of managing your SEO strategy in a safe way

As SEO leans towards AI, site owners are more in need of third-party tools, and agencies and updating…

GHSA-crvv-6w6h-cv34: Grafana long dashboard title or panel name causes unresponsives

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

FedRAMP at Startup Speed: Lessons Learned

For organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict compliance requirements and a notoriously long runway, many companies assume the path to authorization is reserved for the well-resourced enterprise. But that’s changing. In this post, we break down how fast-moving startups can realistically achieve FedRAMP Moderate authorization without derailing

When legitimate tools go rogue

Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.

Famous Chollima deploying Python version of GolangGhost RAT

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

GHSA-2hcm-q3f4-fjgw: OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number

Scammers are abusing sponsored search results, displaying their scammy phone number on legitimate brand websites.

Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," the

GHSA-wgc6-9f6w-h8hx: microlight allows a denial of service

A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100 million characters) is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this vulnerability by tricking a user into visiting a malicious web page containing a microlight element with large content, resulting in a denial of service.