Latest News

Versions of Filesystem prior to 0.6.3 & 2025.7.1 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 2025.7.1 to resolve the issue. Thank you to Elad Beber (Cymulate) for reporting these issues.

Versions of Filesystem prior to 0.6.3 & 2025.7.1 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 2025.7.1 to resolve. Thank you to Elad Beber (Cymulate) for reporting these issues.

As the largest managed security services provider, the combined entity will offer cyber consulting, managed detection and response, and incident response services.

Microsoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data.

Cyber insurance companies were forced to adapt once ransomware skyrocketed and highlighted crucial security weaknesses among organizations in all sectors.

Teaching employees to detect malicious emails isn't really having an impact. What other options do organizations have?

The US also conducted searches of 29 "laptop farms" across 16 states and seized 29 financial accounts used to launder funds.

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0. "This is one

### Summary Certs generated by v4 contain their private key. ## Details ### Background Recently, I encountered an API in Go that’s easy to misuse: sha512.Sum384 and sha512.New384().Sum look very similar and behave very differently. https://go.dev/play/p/kDCqqoYk84k demonstrates this. I want to discuss extending static analysis to detect this case with the go community, but before I do that, I want to make a best-effort pass at open-source projects to fix the existing bugs. I figured that if there were any vulnerabilities out there, they would be easy to find once that discussion begins, so it’s better to address them early. This work is a hobby project and has no affiliation with my employer, so I may be slow to respond due to existing commitments. ### PoC https://go.dev/play/p/vSW0U3Hq4qk ### Impact [This code](https://github.com/juju/utils/blob/0141ef0ee74a0cac603c5c9e4aff194008722f41/cert/cert.go#L120) (cert.NewLeaf) generates certs with the SubjectKeyId set to `sha512.Ne...

There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. * Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded. * Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16. This was introduced in Pillow 11.2.0 when the feature was added.