Microsoft Product Vulnerabilities Detailed
CERT-FR has issued an advisory detailing multiple vulnerabilities discovered in Microsoft products, referencing numerous CVEs. These vulnerabilities could allow an attacker to cause unspecified security issues. Users are advised to consult Microsoft's security bulletins for patch information.
Microsoft Edge Vulnerabilities
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Microsoft Edge, affecting versions prior to 146.0.3856.72. The vulnerabilities could allow an attacker to cause an unspecified security issue. Users are advised to consult Microsoft's security bulletins for patch information.
VMware Product Vulnerabilities - CERTFR Security Advisory
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in various VMware products. These vulnerabilities could allow an attacker to cause unspecified security issues. Affected systems include specific versions of Tanzu Platform, Stemcells, and Tanzu for Postgres.
Synology Products Vulnerability Allows Remote Code Execution
CERT-FR has issued an advisory regarding a critical vulnerability in Synology products that allows for remote code execution. The advisory details affected DSM and DSMUC versions and directs users to Synology's security bulletin for patches, noting that a fix for DSMUC is currently unavailable.
Citrix Products Vulnerabilities
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Citrix NetScaler ADC and Gateway products. These vulnerabilities could lead to data confidentiality breaches and security policy bypasses. Affected versions require immediate patching.
Qnap Products Security Vulnerabilities
CERT-FR has issued an advisory regarding multiple security vulnerabilities discovered in Qnap products. These vulnerabilities could allow attackers to achieve remote arbitrary code execution, denial of service, and data confidentiality breaches. Users are advised to consult Qnap's security bulletins for patch information.
CPython Vulnerability Allows Security Policy Bypass
CERT-FR has issued an advisory regarding a vulnerability in CPython that allows for security policy bypass. The advisory urges users to apply the latest security patches to affected systems. The vulnerability is identified by CVE-2026-4519.
MariaDB Vulnerability: Denial of Service, Potential Code Execution
CERT-Bund has issued a security advisory for MariaDB, detailing a vulnerability that allows remote, authenticated attackers to cause a Denial of Service and potentially execute arbitrary code. The advisory affects specific versions of MariaDB Server across Linux, UNIX, and Windows operating systems.
Python Vulnerability Allows Code Execution
CERT-Bund has issued a security advisory regarding a vulnerability in Python versions prior to 3.15.0, which could allow attackers to execute arbitrary code. The advisory provides mitigation information and notes that the vulnerability affects Linux, UNIX, and Windows operating systems.
GNU libc Vulnerabilities Allow DNS Response Manipulation
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in GNU libc, affecting Linux and other Unix-based systems. These vulnerabilities allow remote attackers to manipulate DNS responses. The advisory provides information on affected versions and mitigation strategies.
etcd Security Advisory: Multiple Vulnerabilities
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in etcd, versions prior to 3.6.9, 3.5.28, and 3.4.42. These vulnerabilities allow attackers to bypass security measures, with a high CVSS base score of 8.6. Affected systems include Linux, UNIX, and Windows.
Linksys MR9600 Router Vulnerability Allows Code Execution
CERT-Bund has issued a security advisory for the Linksys MR9600 Router, detailing a vulnerability that allows remote, authenticated attackers to execute arbitrary code. The advisory highlights a CVSS Base Score of 8.8, indicating a high severity.
MinIO Vulnerability Allows Info Disclosure and Security Bypass
CERT-Bund has issued a security advisory for MinIO, a S3-compatible object storage system. A critical vulnerability (CVSS 9.1) allows remote attackers to disclose information and bypass security measures. The advisory urges users to apply mitigations.
PyTorch Vulnerability Allows Local Code Execution
CERT-Bund has issued a security advisory for PyTorch, detailing a vulnerability that allows local code execution. The advisory affects PyTorch version 2.10.0 on Linux, UNIX, and Windows systems. Mitigation is available.
Uptime Kuma Vulnerability Allows Information Disclosure
CERT-Bund has issued a security advisory for Uptime Kuma, detailing a vulnerability that allows remote authenticated attackers to disclose information. The advisory assigns a CVSS Base Score of 6.5 and a Temporal Score of 5.9, classifying it as medium severity. Mitigation measures are available.
SmarterMail Vulnerabilities Advisory
CERT-Bund has issued a security advisory for SmarterTools SmarterMail, detailing multiple vulnerabilities with a CVSS Base Score of 8.6. These vulnerabilities allow for remote attacks, potentially leading to denial of service, credential exposure, and other impacts. Mitigation is available.
Checkmk Vulnerability Allows Bypassing Security Controls
CERT-Bund has issued a security advisory regarding a vulnerability in Checkmk IT monitoring software. The vulnerability, with a CVSS base score of 6.3, allows authenticated remote attackers to bypass security controls. Affected versions include Checkmk versions prior to 2.6.0b1, 2.5.0b1, and 2.4.0p25.
Keycloak Vulnerabilities Allow Remote Authenticated Attacks
CERT-Bund has issued a security advisory for Keycloak, detailing vulnerabilities that allow remote authenticated attackers to bypass security measures and disclose information. The advisory highlights a CVSS base score of 5.8 and affects Keycloak versions used on Linux and UNIX operating systems.
Langflow Vulnerabilities Advisory
CERT-Bund has issued a security advisory for Langflow, detailing multiple critical vulnerabilities (CVSS Base Score 9.1) that could allow remote code execution, information disclosure, and data manipulation. The advisory affects open-source Langflow versions prior to 1.7.0 and 1.9.0, impacting Linux, UNIX, and Windows operating systems.
PTC FlexPLM and Windchill Vulnerability Allows Code Execution
CERT-Bund has issued a security advisory for critical vulnerabilities in PTC FlexPLM and Windchill software, allowing remote code execution. The advisory lists affected product versions and provides mitigation information. Users are advised to apply available updates to address these severe security risks.
NIST AI Report Expands Evaluation Toolbox with Statistical Models
NIST has released a new publication, NIST AI 800-3, which introduces statistical models to improve the validity and robustness of AI system evaluations. The report distinguishes between benchmark accuracy and generalized accuracy and proposes the use of generalized linear mixed models (GLMMs) for more precise AI performance measurement.
NIST AI Standards Development and Global Engagement
NIST has released its final 'A Plan for Global Engagement on AI Standards' following public comment. This plan outlines NIST's strategy for promoting and developing AI standards globally to foster innovation and public trust in AI systems.
NIST and GSA MOU to Boost AI Evaluation Science in Federal Procurement
NIST's Center for AI Standards and Innovation (CAISI) has signed a Memorandum of Understanding with the General Services Administration (GSA) to enhance AI evaluation science for federal procurement. This collaboration aims to support the USAi platform by developing robust methodologies for assessing AI model performance and security.
NIST Report on AI Monitoring Challenges
NIST has released a new report, NIST AI 800-4, detailing challenges in monitoring deployed artificial intelligence systems. The report identifies six common categories of monitoring and highlights gaps and barriers to effective AI system oversight, based on practitioner workshops and literature reviews.
TRIO-TECH INTERNATIONAL 8-K filing from Van Nuys CA
TRIO-TECH INTERNATIONAL 8-K filing from Van Nuys CA
USPTO Patent Application for Information Processing Apparatus
The USPTO has published a new patent application for an information processing apparatus and its control method. The application, filed by Haruna Sato, describes systems for establishing direct or infrastructure connections based on communication apparatus model information.
USPTO Patent Application: Hybrid Base Station and RRH
The USPTO has published a patent application (US20260082450A1) for a hybrid base station and Remote Radio Head (RRH) system. The application, filed on November 25, 2025, describes a method for switching between internal and external baseband units to control a radio head, providing dual functionality.
USPTO Patent Application: Network Coexistence Airtime Sharing
The USPTO has published a new patent application from Cypress Semiconductor Corporation detailing technologies for network coexistence and airtime sharing. The application describes a method for managing wireless traffic to prevent interference between different wireless network types.
USPTO Patent Application: Backoff Indication for Wireless Random Access
The USPTO has published a new patent application detailing systems and techniques for wireless communications. The application describes a network entity transmitting configurations for a backoff indicator (BI) to user equipment (UE), which influences random access procedures and network energy savings.
USPTO Patent Application for Dynamic Spectrum Management
The USPTO has published a patent application (US20260082236A1) filed by Digital Global Systems, Inc. for a system, method, and apparatus for dynamic, prioritized spectrum management and utilization. The application details a system incorporating monitoring sensors, data analysis, and a semantic engine to create actionable data for spectrum management.
Samsung Patent Application for Semiconductor Device
The USPTO has published a patent application from Samsung Electronics Co., Ltd. for a novel semiconductor device. The application details a specific structure involving a channel layer, a ferroelectric layer with a unique interface region, and a gate electrode, aiming to improve semiconductor performance.
USPTO Patent Application: Machine Learning Measurement Reporting in Wireless Communication
The USPTO has published a patent application from LG Electronics Inc. detailing a method for machine learning-based measurement reporting in wireless communication systems. The application describes a user equipment's process for configuring, obtaining, and transmitting measurement results based on machine learning models.
USPTO Machine Learning for Channel Estimate Patent Application
The USPTO has published a patent application from Lenovo (United States) Inc. related to machine learning for channel estimation. The application details methods for generating channel estimates using machine learning models configured by reference signals.
USPTO Patent Application: Adaptive Loop Filter Methods for Video
The USPTO has published a new patent application (US20260082042A1) filed by BEIJING DAJIA INTERNET INFORMATION TECHNOLOGY CO., LTD. The application details methods and apparatus for adaptive loop filter and cross-component adaptive loop filter for video decoding and encoding, utilizing AI-based classifiers.
USPTO Grants Patent for Wireless Network Capacity Management
The USPTO has granted a new patent (US12581426B2) to Charter Communications Operating, LLC for methods and apparatus for managing capacity in a Citizens Broadband Radio Service (CBRS) network. The patent details techniques for decreasing UE inactivity timer length in response to a power down message while continuing transmissions to UEs at the cell edge.
Lenovo Patent for Power Spectrum Density Configuration
The USPTO has granted Lenovo a patent (US12581424B2) for a power spectrum density based configuration method for user equipment transmitting UCI bits via PUCCH in shared spectrum. The patent details a configuration message that indicates techniques satisfying PUCCH PSD requirements.
Raytheon Patent for Anti-Counterfeiting Fingerprint PUF
The USPTO has granted Raytheon Company a patent for a new anti-counterfeiting physically unclonable function (PUF) device. This technology utilizes a capacitor array with a spatially varying dielectric material to create randomly valued capacitors, aiming to enhance product security.
Intel Patent on Dynamic Tolling Protection Mechanisms
The USPTO has granted Intel Corporation a patent (US12581428B2) for dynamic tolling protection mechanisms and multi-channel management. This patent covers techniques for protecting the usage of frequency bands and managing safety-related messages with varying latency requirements.
Huawei Patent for Sidelink Data Transmission and Power Control
The USPTO has granted Huawei Technologies Co., Ltd. a patent (US12581425B2) for a sidelink data transmission method and related apparatus. The patent covers techniques for updating transmit power based on channel state information received from multiple terminals to optimize data transmission.
Ubiquiti UniFi Network Application Vulnerabilities Addressed
The Cyber Security Agency of Singapore (CSA) has issued an alert regarding multiple vulnerabilities in Ubiquiti UniFi Network Application. Users are advised to update to the latest version immediately to address potential account compromise and privilege escalation risks.
Oracle Critical Vulnerability in Web Services Manager and Identity Manager
The Cyber Security Agency of Singapore (CSA) has issued an alert regarding a critical vulnerability (CVE-2026-21992) in Oracle Web Services Manager and Identity Manager. The vulnerability allows for remote code execution and requires immediate security updates from users and administrators of affected versions.
ICE Asks Illinois Governor Not to Release Criminal Alien Accused of Murder
U.S. Immigration and Customs Enforcement (ICE) has lodged an arrest detainer requesting that Illinois officials not release Jose Medina-Medina, a Venezuelan national described as a criminal illegal alien, who is accused of murdering an 18-year-old college student in Chicago. The individual had previously been released by local authorities after an arrest for shoplifting.