Search results for: “law enforcement”
Roundcube CVE-2025-68461: SVG XSS Vulnerability Enables Silent Email Account Takeover Through Malicious Animate Tags
Roundcube Webmail contains a Cross-Site Scripting vulnerability (CVE-2025-68461, CVSS 7.2) that enables attackers to hijack email accounts by sending malicious SVG files. The flaw exploits improper sanitization of SVG animate tags to execute JavaScript in…
4–6 minutes
IBM API Connect CVE-2025-13915: Critical Authentication Bypass Affecting Enterprise API Gateways at Major Financial and Telecom Organizations
IBM API Connect (CVSS 9.8) authentication bypass allows remote attackers to completely bypass login mechanisms and gain unauthorized access to centralized API gateways serving banks, airlines, and telecommunications companies. Affects versions 10.0.8.0-10.0.8.5, 10.0.11.0, 10.0.15.0 with…
12–19 minutes
MongoDB MongoBleed CVE-2025-14847: Unauthenticated Memory Leak Under Active Exploitation
A critical pre-authentication memory disclosure vulnerability in MongoDB allows attackers to leak heap memory without credentials. With 87,000+ vulnerable instances globally and active exploitation confirmed, CISA has mandated patches for Federal agencies by January 19,…
3–5 minutes
Belgian data trader fined for illegal resale of data
The Belgian data trader Infobel has been hit with a €40,000 fine by the Belgian Data Protection Authority (GBA) for illegally reselling personal data for marketing purposes. The GBA found Infobel lacked proper consent from…
1–2 minutes
Unnamed APT Exploits Zero-Days in Citrix and Cisco, Targeting Critical Infrastructure
An unnamed advanced persistent threat (APT) group exploited zero-day vulnerabilities in Citrix NetScaler ADC and Gateway, dubbed “CitrixBleed 2,” and a critical flaw in Cisco Identity Services Engine (ISE). The attacks targeted essential identity and…
2–3 minutes
UK Online Safety Push Sparks Transatlantic Free Speech Clash
A contentious legal battle is unfolding across the Atlantic, as the United Kingdom’s communications regulator, Ofcom, faces accusations of extraterritorial overreach in its enforcement of the Online Safety Act against American online platforms, reigniting a…
3–4 minutes
What Is Bring Your Own Vulnerable Driver (BYOVD)?
Bring Your Own Vulnerable Driver (BYOVD) is a technique that leverages signed but vulnerable drivers to gain kernel-level access and evade security controls.
2–3 minutes




