Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files

Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications.

HackRead
Open in Source
#vulnerability#microsoft#git#intel
CMU CERT/CC VINCE v2.0.6 Stored XSS

The framework suffers from an authenticated stored cross-site scripting vulnerability. Input passed to the 'content' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t

By Aleksandar Nikolich Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing

How These Decentralized AI Solutions Secure Their Services in a Disruptive Industry

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin who are creating new security models for their AI infrastructure.

GHSA-4c37-7m5h-c8m9: Apache Felix Webconsole: XSS in services console

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

Scammers Use Fake Facebook Copyright Notices to Hijack Accounts

A new phishing campaign is targeting businesses with fake Facebook copyright notices.  Learn how to spot the signs and keep your Facebook account secure.

AI’s Role in Cutting Costs and Cybersecurity Threats in Logistics

Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats…

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting

How to adopt platform engineering in 2025

The sheer amount of technologies today has created a massive boom in innovation, allowing organizations globally to create software in a variety of ways. While having numerous technologies to create software is advantageous, it also presents a challenge—managing the complexity of using so many tools and technologies.Platform engineering is an emerging practice to help organizations streamline their tools and infrastructure into a single cohesive point, known as an internal developer portal(IDP). The goal is to consolidate technologies, knowledge and best practices to boost overall productivi

ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability

The ABB Cylon Aspect BMS/BAS controller is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected XSS vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixated session.