#vulnerability

Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security

Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can

Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called "postmark-mcp" that copied an official Postmark Labs library of the same name. The

Singapore, Singapore, 29th September 2025, CyberNewsWire

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct symlink attacks. The issue affects all Linux deployments where multiple users share the same system. The vulnerability is classified under CWE-379, CWE-377, and CWE-367, indicating insecure temporary file creation and potential race conditions.

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is caught, code injected into the user-supplied search parameter may be exeucted. This is related to but distinct from the issue reported in [CVE-2021-23433](https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421). **NOTE:** This vulnerability is not exploitable in the default configuration of InstantSearch since searchParameters are not modifiable by users.

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range".

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser.

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7vm2-j586-vcvc. This link is maintained to preserve external references. ## Original Description A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records.

### Impact A **Cross-Site Request Forgery (CSRF)** vulnerability was identified in Apollo’s **Embedded Sandbox** and **Embedded Explorer**. The vulnerability arises from missing origin validation in the client-side code that handles `window.postMessage` events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. #### Who is impacted Anyone embedding [Apollo Sandbox](https://www.apollographql.com/docs/graphos/platform/sandbox#embedding-sandbox) or [Apollo Explorer](https://www.apollographql.com/docs/graphos/platform/explorer/embed) in their website may have been affected by this vulnerability. - Users who embed Apollo Sandbox or Apollo Explorer in their websites via npm packages (`@apollo/sandbox` and `@apollo/explorer`) or direct links to Apollo’s CDN. - Users running Apollo Router with [embedded Sandbox enabled]...