Latest News

Regulators are ready to enforce new state data privacy laws. Here's how experts say organizations can stay compliant and avoid penalties.

Global law enforcement seizes 12 domains including Sellix, Cracked and Nulled, €300,000 in cash and cryptocurrencies, and multiple…

The FBI and authorities in The Netherlands this week seized a number of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname "The Manipulaters," have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

The deal, expected to close this quarter, will give Tenable One Exposure Management much-needed integration with over 100 third-party security tools and platforms.

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15

Security researchers tested 50 well-known jailbreaks against DeepSeek’s popular new AI chatbot. It didn’t stop a single one.

Nine application security toolmakers band together to fork the popular Semgrep code-scanning project, touching off a controversy over access to features and fairness.

Massive Pakistani cybercrime network HeartSender has been shut down in a joint US-Dutch operation. Learn how their phishing…

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action. ### Impact Standalone server (Domain mode is not affected) with use access control enabled with RBAC provider can be suspended or resumed by unauthorized users. When a server is suspended, the server will stop receiving user requests. The resume handle does the opposite; it will cause a suspended server to start accepting user requests. ### Patches Fixed in [WildFly Core 27.0.1.Final](https://github.com/w...

### Summary While rebuilding [PMD Designer](https://github.com/pmd/pmd-designer) for Reproducible Builds and digging into issues, I found out that passphrase for `gpg.keyname=0xD0BF1D737C9A1C22` is included in jar published to Maven Central. ### Details See https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/net/sourceforge/pmd/pmd-designer/README.md I removed 2 lines from https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/net/sourceforge/pmd/pmd-designer/pmd-designer-7.0.0.diffoscope but real content is: ``` ├── net/sourceforge/pmd/util/fxdesigner/designer.properties │ @@ -1,14 +1,12 @@ │ #Properties │ checkstyle.plugin.version=3.3.1 │ checkstyle.version=10.14.0 │ -gpg.keyname=0xD0BF1D737C9A1C22 │ -gpg.passphrase=evicx0nuPfvSVhVyeXpw │ jar.plugin.version=3.3.0 │ -java.version=11.0.22 │ +java.version=11.0.25 │ javadoc.plugin.version=3.6.3 │ jflex-output=/home/runner/work/pmd-designer/pmd-designer/target/generated-sources/jflex...