Security

Latest News

Google Bug Allowed Brute-Forcing of Any User Phone Number

The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.

DARKReading
Securonix Acquires Threat Intelligence Firm ThreatQuotient

The deal will combine Securonix's security information and event management (SIEM) platform with ThreatQuotient's threat detection and incident response (TDIR) offering to build an all-in-one security operations stack.

GHSA-w5px-5878-m9x4: Drupal Lightgallery Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.

GHSA-pwj7-5c7c-mwjc: Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.

GHSA-rx97-6c62-55mf: Hashicorp Nomad Incorrect Privilege Assignment vulnerability

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.

GHSA-q9h3-r6wr-p3j3: Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.

GHSA-48wx-8736-jgx2: Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.

GHSA-c424-hgg9-9c4w: Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

GHSA-r6xj-43cf-9f88: Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

GHSA-266m-wp2v-x7mq: Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability

## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An attacker could exploit this vulnerability by placing files in particular locations, leading to unintended code execution.

## Discussion

Discussion for this issue can be found at https://github.com/dotnet/runtime/issues/116495

## Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## Affected software

* Any .NET 8.0 application running on .NET 8.0.16 or earlier.
* Any .NET 9.0 application running on .NET 9.0.5 or earlier.

## Affected Packages

The vulnerability affects any M...