
Latest News

GHSA-g2pq-9jr7-w6gv: Jenkins Git client Plugin file system information disclosure vulnerability

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

GHSA-gm8g-fh49-qq6v: Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32a_eb_0493c4f.

GHSA-f696-867g-2759: Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Governance-Driven Automation: How Flowable Is Redefining Digital Process Management

A newly published independent research report highlights Flowable’s rise in the digital process automation market. Built on open-source…

Why you should upgrade to Windows 11 now, and how to do it

Support for Windows 10 is ending soon, which means you won't get vital security updates. Here's why you should upgrade now.

WhatsApp Bug Anchors Targeted Zero-Click iPhone Attacks

A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.

GHSA-rrpj-r8h7-rm7r: Apache DolphinScheduler Incorrect Default Permissions Vulnerability

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,

Varonis Acquires Email Security Provider SlashNext to Enhance BEC Defenses

Varonis plans to integrate SlashNext's advanced phishing, BEC, and social engineering attack protection capabilities into its data security platform.

Detecting Data Leaks Before Disaster

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access