Flowise – Missing Authentication on NVIDIA NIM Endpoints
Flowise - Missing Authentication on NVIDIA NIM Endpoints The NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to...
Flowise – PII Disclosure on Unauthenticated Forgot Password Endpoint
Flowise - PII Disclosure on Unauthenticated Forgot Password Endpoint The /api/v1/account/forgot-password endpoint returns the full user object including PII (id, name, email, status, timestamps)...
20th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Booking.com, the Amsterdam-based...
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Key Points
The Gentlemen ransomware‑as‑a‑service (RaaS) program is rapidly gaining popularity, attracting numerous affiliates and publicly claiming over 320 victims, with the majority of attacks (240)...
FakeWallet crypto stealer spreading through iOS apps in the App Store
In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps...
Transform security logs into OCSF format using a configuration-driven ETL solution
Security logs capture essential security-related activities, such as user sign-ins, file access, network traffic, and application usage. These logs are important for...
Amtrak – 2,147,679 breached accounts
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and...
4 Essential Integration Workflows for Operationalizing Threat Intelligence Recorded Future
Integrate, don't replace. Recorded Future enriches your existing security tools by automatically layering in contextual threat intelligence, reducing manual...
gnutls-cli Lack of Size Restriction on X.509 AIA CA Issuers Certificate
gnutls-cli Lack of Size Restriction on X.509 AIA CA Issuers Certificate Tenable Research has identified that gnutls-cli does not restrict the size of the...
McGraw Hill – 13,500,136 breached accounts
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the...
Latest article
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface...
Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack...
Readers reply: Experts say we should use passkeys, but can a smartphone pin really...
The long-running series in which readers answer other readers’ questions on subjects ranging from trivial flights of fancy to profound scientific and philosophical conceptsThis...
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
Information published. - Read more
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
New Tracing OptionsAs hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on...
