Latest News

Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever.

The US National Institute of Standards and Technology updated its Digital Identity Guidelines to match current threats. The document detailed technical recommendations as well as suggestions for organizations.

Two critical N-able vulnerabilities enable local code execution and command injection; they require authentication to exploit, suggesting they wouldn't be seen at the beginning of an exploit chain.

Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financial services, insurance, and tech.

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code.

**Summary** [Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an [introspection API](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/introspection-diag.html) that provides information about the overall state of the Amazon ECS agent and the container instances. We identified CVE-2025-9039, an issue in the Amazon ECS agent. **Impact** Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. Impacted vers...

Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign.

Dark Reading's Terry Sweeney and Google's Loren Hudziak discuss how the humble web browser has transformed from a simple web access tool into a common conduit through which a lot of business is done.

Beware of fake Netflix job offers! A new phishing campaign is targeting job seekers, using fraudulent interviews to…

### Summary If `/proc` and `/sys` in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. ### Details For security reasons, container creation should be prohibited if `/proc` or `/sys` in the rootfs is a symbolic link. I verified this behavior with `youki`. When `/proc` or `/sys` is a symbolic link, `runc` fails to create the container, whereas `youki` successfully creates it. This is the fix related to this issue in `runc`. * https://github.com/opencontainers/runc/pull/3756 * https://github.com/opencontainers/runc/pull/3773 * https://github.com/opencontainers/runc/blob/main/libcontainer/rootfs_linux.go#L590 * https://github.com/opencontainers/runc/blob/main/tests/integration/mask.bats#L60 ### Impact The following advisory appears to be related to this vulnerability: * https://github.com/advisories/GHSA-vpvm-3wq2-2wvm * https://github.com/advisories/GHSA-fh74-hm69-rqjw