Aggregator
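[Security Circle] Microsoft Attributes Mastra AI Supply Chain Attack to North Korean Hackers
[Security Circle] FortiBleed Exposed: Hackers Are Harvesting FortiGate Firewall Login Credentials
[Security Circle] Just 13 Characters Can Poison AI Search Results? ChatGPT and Gemini Both Affected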
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
Linux 7.2 Kernel Completely Removes the strncpy Function
CMD
GitHub Actions Checkout Update Blocks Workflows Triggered by Malicious pull_request_target
GitHub has rolled out a significant security enhancement to GitHub Actions by updating actions/checkout to block unsafe workflows that abuse the pull_request_target event. The pull_request_target trigger is widely known as one of the most misused events because it runs with the base repository’s GITHUB_TOKEN, secrets, and default-branch cache access, even when the pull request comes from an untrusted fork. When maintainers check […]
The post GitHub Actions Checkout Update Blocks Workflows Triggered by Malicious pull_request_target appeared first on Cyber Security News.
pgAdmin 4 Released With Fixes for Seven Security Vulnerabilities and New Features
pgAdmin 4 version 9.16 has been released, delivering a combination of new features, bug fixes, and critical security updates to strengthen the widely used PostgreSQL management platform. The update includes 64 bug fixes and addresses seven security vulnerabilities, tracked as CVE-2026-12044 through CVE-2026-12050. pgAdmin remains one of the most popular open-source graphical tools for managing […]
The post pgAdmin 4 Released With Fixes for Seven Security Vulnerabilities and New Features appeared first on Cyber Security News.
Aur0ra
QNAP Patches Multiple Injection Vulnerabilities Leads to Arbitrary Command Execution
QNAP has released security updates to address multiple vulnerabilities affecting its widely used NAS operating systems, including QTS, QuTS hero, QuTS cloud, and QVP (QVR Pro appliances). The advisory highlights a series of critical flaws that could allow attackers to execute arbitrary commands, trigger denial-of-service (DoS) conditions, and bypass access controls. The vulnerabilities, disclosed on […]
The post QNAP Patches Multiple Injection Vulnerabilities Leads to Arbitrary Command Execution appeared first on Cyber Security News.