-
CVE-2025-49710 – Mozilla Firefox Integer Overflow Vulnerability
CVE ID: CVE-2025-49710. Published: June 11, 2025, 12:15 p.m. Description: An integer overflow was present in `OrderedHashTable`, used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4. Severity: 9.8 | CRITICAL.
-
137 Key Cybersecurity Statistics for 2025 and Beyond
Top cybersecurity facts. Staying ahead in cybersecurity means getting the lay of the land: what’s working, what’s not, and what’s changing. This cybersecurity data isn’t just numbers; it’s deep insights … Published Date: Jun 13, 2025. Vulnerabilities mentioned in this article: CVE-2024-1709…
-
Insecure Bootstrap Process in Google’s Cloud SQL Proxy
Summary: The bootstrap process for Google’s Cloud SQL Proxy CLI uses the “curl | bash” pattern and did not document a way to verify the authenticity of the downloaded binaries. The vendor updated its documentation with information on how to use checksums to verify the downloaded binaries. Vulnerability Details: As part of our ongoing research into supply chain…
-
RFC 9116 / “security.txt” Has Been Published
After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: https://t.co/uIqSRo28ak. I would like to use this opportunity to thank those who made this possible. Thank you. — Ed (@EdOverflow) April 27, 2022 See: https://www.rfc-editor.org/rfc/rfc9116
-
GitBleed – Finding Secrets in Mirrored Git Repositories – CVE-2022-24975
Summary: Due to a discrepancy in Git behavior, only part of a source code repository is visible when making copies via the “git clone” command. Additional parts of the repository only become visible when using the “--mirror” option. This can lead to secrets being exposed via Git repositories when they are not removed properly,…
-
Insecure Bootstrap Process in Oracle Cloud CLI
Summary: The bootstrap process for the Oracle Cloud CLI, which uses the “curl | bash” pattern, was insecure because there was no way to verify the authenticity of the downloaded binaries. The vendor is now publishing checksums that can be used to verify the downloaded binaries. Vulnerability Details: As part of our ongoing research into supply chain attacks,…
-
Three Reasons Why Log4J Is So Bad: Ubiquity, Severity and Exploitability
Over the last few weeks, security teams everywhere have been busy patching Log4J vulnerabilities. In this article we want to talk about the three reasons you can give your friends for why this one is so much worse. Ubiquity: This vulnerability impacts Java applications, and those can be found almost anywhere: enterprise, vendor applications, database drivers, Android…
-
WhatsApp for Android Retains Deleted Contacts Locally
Summary: WhatsApp for Android retains contact info locally after contacts get deleted. This would allow an attacker with physical access to the device to check whether the WhatsApp user had interactions with specific contacts, even though they have been deleted. Vulnerability Details: When a contact is deleted on WhatsApp, their information about security code changes…
-
Open Redirect Vulnerability in Substack
Summary: Substack had an open redirect vulnerability in its login flow which would have allowed an attacker to facilitate phishing attacks. The vendor has deployed a fix for this issue. Vulnerability Details: Substack is an online platform that allows users to create and operate free and paid subscription newsletters. This platform had an open redirect…
-
Speaking @Appsec_Village @DEFCON 29
Our talk titled “The Poisoned Diary: Supply Chain Attacks on Install Scripts” was accepted at this year’s @Appsec_Village @DEFCON 29. UPDATE: It will take place on Sunday, August 8th, at 9:05 AM PST / 12:05 PM EDT. Details can be found here – Q&A will take place on DEFCON’s Discord server. Slides (PDF). Video recording…