#auth

Renault UK warns customers of a third-party data breach exposing personal details, stressing vigilance against fraud and confirming no bank data lost.

Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world.

The DataChain library reads serialized objects from environment variables (such as `DATACHAIN__METASTORE` and `DATACHAIN__WAREHOUSE`) in the `loader.py` module. An attacker with the ability to set these environment variables can trigger code execution when the application loads.

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.

Cybercriminals are targeting older Facebook users with fake community and travel groups that push malicious Android apps.

Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google's Gemini AI. Learn why AI assistants are the new weak link.

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MSM Product Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow HTML injection via the name parameter or an assertion failure in fuzz_binary_decode, resulting in a crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: MSM: Versions 2.2.10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter. CVE-2023-53155 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). 3.2.2 REACHABLE...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Raise3D Equipment: Pro2 Series Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could result in data exfiltration and compromise of the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following firmware versions of the Rasie3D Pro2 Series printers are affected: Pro2 Series: All Versions 3.2 VULNERABILITY OVERVIEW 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 An unauthenticated debug port may allow access to the device file system. CVE-2025-10653 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). A CVSS v4 score has also been calculated for CVE-2025-10653. A base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L...

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real