Lloyds Bank reveals how IT bug exposed transaction data

Lloyds Banking Group has identified the glitch that led to some of its customers being able to see details of...

FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers

Iran-linked hackers have claimed responsibility for breaching FBI Director Kash Patel’s personal Gmail inbox, leaking photographs, documents, and email correspondence online. The hacker group...

New Wave of AiTM Phishing Targets TikTok for Business

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware

Langflow – Path Traversal Arbitrary File Write via upload_user_file

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data,...

Langflow – Stored XSS via Malicious SVG Upload

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG...

Langflow – Application Logs Exposed to All Authenticated Users

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read...

Langflow – Missing Authorization on download_image endpoint

The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download...

Why CVSS is No Longer Enough for Exposure Management

For years, cybersecurity professionals have relied on a familiar metric to dictate their day-to-day priorities: the Common Vulnerability Scoring System (CVSS). In today’s hyper-connected,...

Botpress – Credential Disclosure via Twilio Webhook Handler

The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages,...

Latest article

Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface...

Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack...

Readers reply: Experts say we should use passkeys, but can a smartphone pin really...

The long-running series in which readers answer other readers’ questions on subjects ranging from trivial flights of fancy to profound scientific and philosophical concepts. This...

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

New Tracing Options: As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on...