Latest News

### Summary A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use for internal communications. ### Details When Socket.IO servers are configured to use a message queue backend such as Redis for inter-server communication, messages sent between the servers are encoded using the `pickle` Python module. When a server receives one of these messages through the message queue, it assumes it is trusted and immediately deserializes it. The vulnerability stems from deserialization of messages using Python's `pickle.loads()` function. Having previously obtained access to the message queue, the attacker can send a python-socketio server a crafted pickle payload that executes arbitrary code during deserialization via Python's `__reduce__` method. ### Impact This ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAScreen are affected: DIAScreen: Version 1.6.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 Delta Electronics DIAScreen can write data outside of the intended memory buffer when a valid user opens a maliciously crafted project file. CVE-2025-59297 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H). A CVSS v4 score has also been calculated for CVE-2025-59297. A base score of 6.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC...

The leak exposed the names, Social Security numbers, and health details of more than 90,000 military patients, troops, veterans, and their families.

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. "These plugins are

A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed.

Security researchers at UC Irvine reveal the 'Mic-E-Mouse' attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy.

A simple yet effective tactic, known as hidden text salting, is increasingly used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models.

The stolen data includes names, emails, limited billing information, and some government-ID images.

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,