Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

GHSA-9c5q-w6gr-fxcq: MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.

ghsa
Open in Source
#git#intel#ruby
Remember, remember the fifth of November

This edition, Hazel explores the origins of Guy Fawkes Day and how heeding an anonymous warning prevented an assassination.

GHSA-w832-gg5g-x44m: Open redirect endpoint in Datasette

### Impact Deployed instances of Datasette prior to `0.65.2` and `1.0a21` include an open redirect vulnerability. Hits to the path `//example.com/foo/bar/` (the trailing slash is required) will redirect the user to `https://example.com/foo/bar`. ### Patches This problem has been patched in both Datasette `0.65.2` and `1.0a21`. ### Workarounds If Datasette is running behind a proxy that proxy could be configured to replace `//` with `/` in incoming request URLs.

From Tabletop to Turnkey: Building Cyber Resilience in Financial Services

Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in

ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political

Scam Ads Are Flooding Social Media. These Former Meta Staffers Have a Plan

Rob Leathern and Rob Goldman, who both worked at Meta, are launching a new nonprofit that aims to bring transparency to an increasingly opaque, scam-filled social media ecosystem.

Do robots dream of secure networking? Teaching cybersecurity to AI systems

This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions.

Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative

Cloudflare Scrubs Aisuru Botnet from Top Domains List

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru's overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company's domain name system (DNS) service.

GHSA-gr35-vpx2-qxhc: Weblate leaks the IP of project member inviting user to be reviewer in Audit log

### Summary Weblate leaks the IP address of the project member inviting the user to the project in the audit log. ### Details The audit log included IP addresses from admin-triggered actions, and those could be viewed by invited users. ### Impact The inviting user's (admin's) IP address could be leaked to invited users.