ZDI-25-043: Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI...
ZDI-25-044: Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability
This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI...
ZDI-25-045: 7-Zip Mark-of-the-Web Bypass Vulnerability
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in...
ZDI-25-031: Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-25-032: Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in...
DSA-5846-1 libreoffice – security update
Thomas Rinsma discovered two security vulnerabilities in LibreOffice, which could result in information disclosure or overwriting of files when opening malformed documents. https://security-tracker.debian.org/tracker/DSA-5846-1
Friday Squid Blogging: Opioid Alternatives from Squid Research
Is there nothing that squid research can’t solve? “If you’re working with an organism like squid that can edit genetic information way better than any...
Stories from the SOC: Caught in the Trap: Detecting and Defending Against RaccoonO365 Phishing Campaigns
Executive Summary: In September 2024, LevelBlue conducted a comprehensive threat hunt targeting artifacts indicative of Phishing-as-a-Service (PhaaS) activity across our monitored customer fleet. During the...
US Supreme Court Gives Green Light to TikTok Ban
The Supreme Court has upheld a law that could potentially ban TikTok in the US.
mediawiki-1.41.5-1.fc40
FEDORA-2025-11277f6779 Packages in this update: mediawiki-1.41.5-1.fc40 Update description: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PFTE5RHUERS6KTUGGRZO7XXV5THNJ77E/ https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/5NYC4UZLY3MWQZ6DYJAUQRJG2ZHZFBJ6/
