Microsoft security researchers discovered that a third-party Android SDK widely used in cryptocurrency wallet applications is affected by a severe vulnerability that could expose highly sensitive information. The vulnerability was found in EngageLab’s EngageSDK, which is designed for managing messaging… Read More "Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users"
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel… Read More "Bringing Rust to the Pixel Baseband"
No one checked oversized requests While the previous authorization bypass was triggered when request Content-Length was set to 0, no one checked at the time what would happen in the same function if the request exceeded a certain size. “When… Read More "Old Docker authorization bypass pops up despite previous patch"
A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the TeamPCP threat group. The newly discovered compromise affects the LiteLLM package on PyPI… Read More "TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise"
Anthropic said this week that the debut of its new Claude Mythos Preview model marks a critical juncture in the evolution of cybersecurity, representing an unprecedented existential threat to existing software defense strategies. So, is it more AI hype—or a… Read More "Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think"
A threat actor built an exploit for a critical-severity vulnerability in Marimo and started using it in attacks roughly nine hours after the bug’s public disclosure, cloud security firm Sysdig reports. Marimo is an open source reactive notebook for Python… Read More "Critical Marimo Flaw Exploited Hours After Public Disclosure"
The US Federal Communications Commission (FCC) has banned the import and sale of all “consumer-grade” internet routers produced in a foreign country, citing “an unacceptable risk” to the national security of the US. The ban, announced in an FCC public… Read More "US: FCC Bans Foreign-Made Routers Over National Security Concerns"
Nine vulnerabilities in the open source Digital Imaging and Communications in Medicine (DICOM) server Orthanc allow attackers to crash servers, leak data, and execute arbitrary code remotely. A lightweight standalone DICOM server for healthcare and medical research, Orthanc supports the… Read More "Orthanc DICOM Vulnerabilities Lead to Crashes, RCE"
Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) is handled,… Read More "CMMC compliance in the age of AI"
Cyber attackers have become so prolific at abusing legitimate enterprise accounts and identity systems to compromise networks that it has become a “mass-marketed impersonation crisis,” security analysts at SentinelOne have warned. This creates a problem, because an adversary using valid… Read More "Hackers Exploit Compromised Enterprise Identities at Industrial Scale"
