Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-f9vc-vf3r-pqqq: Harbor repository description page has Cross-site Scripting vulnerability

### Impact In the Harbor repository information, it is possible to inject code resulting in a stored XSS issue. ### Patches Harbor v2.12.3 Harbor 2.11.3 ### Workarounds No ### References ### Credit gleb.razvitie@gmail.com

ghsa
Open in Source
#xss#vulnerability#auth
Lumma Stealer Is Back & Stealthier Than Ever

The operators of the popular and prolific malware wasted no time in regrouping after an FBI takedown in May, and they're back to their old tricks.

Why ISO 42001 Matters for AI Governance at Scale

How a new international standard is shaping the future of responsible AI development and deployment.

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges," Akamai security researcher Tomer

Suspected Admin of XSS.IS Cybercrime Forum Arrested in Ukraine

Suspected admin of XSS.IS, a major Russian-language cybercrime forum, arrested in Ukraine after years of running malware and data trade operations.

Kerberoasting Detections: A New Approach to a Decade-Old Challenge

Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks altogether.&

Microsoft Most Phished Brand in Q2 2025, Check Point Research

Microsoft was the most impersonated brand in phishing attacks during Q2 2025, accounting for 25% of all attempts, according to Check Point Research.

Meet Hazel Burton

In the first Humans of Talos, Amy sits with Hazel Burton — storyteller, security advocate, and all-around Talos legend. Hazel shares her journey from small business entrepreneurship to leading content programs at Talos.

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," Matthew Suozzo, Google Open Source Security

GHSA-3r3j-4vrw-884j: files-bucket-server vulnerable to Directory Traversal

All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.