Latest News
Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies—along with photos of men allegedly involved in the schemes.
Scammers impersonate government agencies on WhatsApp to target job seekers with fake offers, phishing sites, and identity theft…
Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials
### Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references.

### Original Description

In the crossbeam-channel Rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Artificial intelligence (AI) workloads are revolutionizing the industry, impacting healthcare, finance services, national security and autonomous systems. As part of this revolution, organizations are increasingly moving their AI workloads to the cloud, taking advantage of its scalability, flexibility and cost-effectiveness. Of course this transition to the cloud brings new challenges around data privacy, intellectual property and regulation compliance. Existing virtual machines (VMs) provide isolation between workloads, but they cannot protect workloads from privileged users and software com
# Microsoft Security Advisory CVE-2025-26646: .NET Spoofing Vulnerability

## <a name="executive-summary"></a>Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0.xxx and .NET 8.0.xxx SDK. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A vulnerability exists in .NET SDK or MSBuild applications where external control of file name or path allows an unauthorized attacker to perform spoofing over a network.

## Discussion

Discussion for this issue can be found at https://github.com/dotnet/msbuild/issues/11846

### <a name="mitigation-factors"></a>Mitigation factors

Projects which do not utilize the [DownloadFile](https://learn.microsoft.com/visualstudio/msbuild/downloadfile-task) build task are not susceptible to this vulnerability.

## <a name="affected-software"></a>Affected software

* Any installation of .NET 9.0.105 SDK, .NET 9.0.203 SDK ...
### Impact

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.

### Patches

The vulnerability does not exist in more recent versions of OPKSSH. This only impacts OPKSSH when used to verify ssh keys on a server; the OPKSSH client is unaffected. To remediate, upgrade to a version of OPKSSH v0.5.0 or greater.

To determine if you are vulnerable, run on your server:

```bash
opkssh --version
```

If the version is less than 0.5.0 you should upgrade. To upgrade to the latest version run:

```bash
wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash
```

### References

[CVE-2025-4658](https://www.cve.org/CVERecord?id=CVE-2025-4658)

The upst...
### Impact

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

### Patches

Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0.

### References

[CVE-2025-3757](https://www.cve.org/CVERecord?id=CVE-2025-3757)