Aggregator

Discover Practical AI Tactics for GRC — Join the Free Expert Webinar

The Hackers News
2 weeks 1 day ago
Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It's no longer a future concept—it's here, and it's already reshaping how teams operate. AI's capabilities are profound: it's speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more
The Hacker News

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

The Hackers News
2 weeks 1 day ago
BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking in your IAM, the privilege sprawl from thousands of new
The Hacker News

Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics

The Hackers News
2 weeks 1 day ago
Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity in the country for a week. The attacks
The Hacker News

Python Foundation rejects US government grant earmarked for security improvements

Help Net Security
2 weeks 1 day ago

The Python Software Foundation (PSF) has rejected a $1.5 million government grant due to restrictive conditions that would force the foundation to betray its mission and its community, the programming non-profit announced on Monday. “In January 2025, the PSF submitted a proposal to the US government National Science Foundation [NSF] under the Safety, Security, and Privacy of Open Source Ecosystems program to address structural vulnerabilities in Python and PyPI,” Loren Crary, PSF’s deputy executive director … More →

The post Python Foundation rejects US government grant earmarked for security improvements appeared first on Help Net Security.

Zeljka Zorz

CVE-2025-49795 | libxml Schematron Schema Report xmlSchematronFormatReport null pointer dereference (EUVD-2025-18416 / Nessus ID 241600)

Vuldb Updates
2 weeks 1 day ago
A vulnerability was found in libxml. It has been rated as problematic. This affects the function xmlSchematronFormatReport of the component Schematron Schema Report Handler. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-49795. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2025-11989 | GitLab Enterprise Edition up to 18.3.4/18.4.2/18.5.0 Description authorization (Patch 1426 / WID-SEC-2025-2376)

Vuldb Updates
2 weeks 1 day ago
A vulnerability classified as problematic has been found in GitLab Enterprise Edition up to 18.3.4/18.4.2/18.5.0. This issue affects some unknown processing of the component Description Handler. The manipulation leads to missing authorization. This vulnerability is listed as CVE-2025-11989. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6601 | GitLab Enterprise Edition up to 18.4.2/18.5.0 logic error (Patch 551267 / WID-SEC-2025-2376)

Vuldb Updates
2 weeks 1 day ago
A vulnerability described as problematic has been identified in GitLab Enterprise Edition up to 18.4.2/18.5.0. This vulnerability affects unknown code. Executing manipulation can lead to business logic errors. This vulnerability is tracked as CVE-2025-6601. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-11974 | GitLab Community Edition/Enterprise Edition up to 18.3.4/18.4.2/18.5.0 API Endpoint allocation of resources (Patch 571761 / WID-SEC-2025-2376)

Vuldb Updates
2 weeks 1 day ago
A vulnerability marked as problematic has been reported in GitLab Community Edition and Enterprise Edition up to 18.3.4/18.4.2/18.5.0. This affects an unknown part of the component API Endpoint. Performing manipulation results in allocation of resources. This vulnerability is identified as CVE-2025-11974. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-11971 | GitLab Enterprise Edition up to 18.3.4/18.4.2/18.5.0 Pipeline Execution authorization (Patch 566587 / WID-SEC-2025-2376)

Vuldb Updates
2 weeks 1 day ago
A vulnerability categorized as problematic has been discovered in GitLab Enterprise Edition up to 18.3.4/18.4.2/18.5.0. Affected is an unknown function of the component Pipeline Execution Handler. The manipulation results in incorrect authorization. This vulnerability was named CVE-2025-11971. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-30189 | Dovecot 2.4 Authentication Cache access control (Nessus ID 269908 / WID-SEC-2025-2439)

Vuldb Updates
2 weeks 1 day ago
A vulnerability categorized as critical has been discovered in Dovecot 2.4. Impacted is an unknown function of the component Authentication Cache. Executing manipulation can lead to improper access controls. This vulnerability is handled as CVE-2025-30189. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.
vuldb.com

Managed ad