ex-aws-sns-signingcerturl-spoofing-cve-2026-47074
CVE-2026-47074: ex_aws_sns verify_message/1 fails to validate SigningCertURL, allowing unauthenticated SNS message signature spoofing; affects versions 2.0.1 to before 2.3.5.
CVE-2026-47074: ex_aws_sns verify_message/1 fails to validate SigningCertURL, allowing unauthenticated SNS message signature spoofing; affects versions 2.0.1 to before 2.3.5.
Regulations extend behaviour provisions to Academies and pupil referral units, aligning obligations with maintained schools under UK health and safety law.
Why fixing a problem is not the same as preventing it happening again.
Unauthenticated SQL injection in dotCMS Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll allows remote attackers to read, modify or destroy database content; affected versions and fixed release noted.
Explains phased commencement of Housing (Scotland) Act 2025 provisions and what landlords should do to comply with new health and safety duties.
Megalodon used malicious GitHub Actions to steal CI/CD secrets, cloud keys and tokens from 5,500+ repos; immediate secrets rotation, workflow audits and secret managers are essential.
First commencement regulations bring provisions of the Act into force, creating new safeguarding and wellbeing duties for schools and education providers in England.
CVE-2026-25193: installer logs can contain service account credentials; change passwords and delete installer logs under %programdata%\Gallagher\Command Centre.
Critical 9.8 remote code execution in Dolibarr ERP CRM 7.0.3 via the db_name parameter in install/step1.php, unauthenticated attackers can execute arbitrary PHP and run commands via check.php cmd.
CVE-2026-5843: MLX-LM in Docker Model Runner on macOS allows arbitrary Python via model_file in config.json, leading to code execution on the host as the Docker Desktop user. Inventory, isolate and restrict registry pulls immediately.
Operator arrested in Canada after 25,000 DDoS commands and peaks near 31.4 Tbps; practical steps for businesses to verify DDoS readiness and supplier obligations.
New ecodesign and energy information rules for household tumble dryers affect manufacturers and retailers; this article explains business implications and actions.
Let’s start your compliance journey together.
Sign up to receive updates, promotions, and sneak peaks of upcoming products. Plus 20% off your next order.
Sign up to receive updates, promotions, and sneak peaks of upcoming products. Plus 20% off your next order.
Sign up to receive updates, promotions, and sneak peaks of upcoming products. Plus 20% off your next order.