#auth

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…

seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.

### Impact `concat()` may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562 in practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b""`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b"" if self.do_some_side_effect() else b""`. the following example demonstrates how the issue would look in user code ```vyper counter: public(uint256) @external def test() -> Bytes[256]: a: Bytes[256] = concat(b"" if self.sideeffect() else b"", b"aaaa") return a def sideeffect() -> bool: self.count...

The CFPB has decided to withdraw a 2024 rule that was aimed at limiting the sale of Americans’ personal information by data brokers.

A privacy advocacy group has clapped back at Meta over its plans to start training its AI model on European users' data.

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity…

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one.

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.2 is able to address this issue. The identifier of the patch is f7ea6817b90952baaea9baace2a3b4366fee6a63. It is recommended to upgrade the affected component.