Latest News

### Summary Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input. ### Details The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the SVG <text> tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting unescaped tags allows breaking the XML structure and executing JavaScript. ### PoC Payload: `test</text><script>alert(window.origin)</script><text>` 1. Open any note and click Change Icon -> Dynamic (Text). <img width="713" height="373" alt="image" src="https://github.com/user-attachments/assets/8a4f5ec4-81d6-46cb-8872-841cb2188ed8" /> 2. Change color and paste the payload into the Custom field and click on this icon. <img width="935" height="682" alt="image" src="https://github.com/user-attachments/assets/24d28fbd-a3ce-44f1-a5bb-2cc3f711faf5" /> 3. Intercept and send the request or get path from devtools <img width="1229" height="627" alt="image" src="https://github.com/use...

A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controller repository, and the repository included a settings file that set ANTHROPIC_BASE_URL to an attacker-controlled endpoint, Claude Code would issue API requests before showing the trust prompt, including potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.

2025 has been a year of innovation in automation for customers of Red Hat Ansible Automation Platform. Here are just a few stories from customers that exemplify how Ansible Automation Platform has helped organizations turn automation into a foundation for long-term success.Automation as the foundation for enterprise growthIn 2025, automation evolved from a tactical tool into the foundational architecture for organizations to scale, operate, and adapt. Customers adopted Ansible Automation Platform as a centralized automation control plane, integrating it with other platforms like Red Hat Enterp

Looking back, 2025 was a year of significant milestones for Red Hat Ansible Automation Platform. From a game-changing presence at Red Hat Summit to the launch of Ansible Automation Platform 2.6, the year was filled with a number of exciting new features and momentum!Automation synergy: Red Hat + HashiCorpRed Hat was acquired by IBM in 2019, and in 2025 IBM announced its acquisition of HashiCorp. This made a powerful statement on the future of enterprise automation and hybrid cloud management. Together with HashiCorp's Terraform for Infrastructure-as-Code and Vault for secret management, and An

The notorious Everest ransomware group is claiming to have breached McDonald’s India, the Indian subsidiary of the American…

The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.

### Impact If Windows MDM is enabled, an attacker can enroll rogue devices by submitting a forged JWT containing arbitrary identity claims. Due to missing JWT signature verification, Fleet accepts these claims without validating that the token was issued by Azure AD, allowing enrollment under any Azure AD user identity. ### Patches - 4.78.3 - 4.77.1 - 4.76.2 - 4.75.2 - 4.53.3 ### Workarounds If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM. ### For more information If you have any questions or comments about this advisory: Email us at [security@fleetdm.com](mailto:security@fleetdm.com) Join #fleet in [osquery Slack](https://join.slack.com/t/osquery/shared_invite/zt-h29zm0gk-s2DBtGUTW4CFel0f0IjTEw)

### Impact Fleet’s debug/pprof endpoints are accessible to any authenticated user regardless of role, including the lowest-privilege “Observer” role. This allows low-privilege users to access sensitive server internals, including runtime profiling data and in-memory application state, and to trigger CPU-intensive profiling operations that could lead to denial of service. ### Patches - 4.78.3 - 4.77.1 - 4.76.2 - 4.75.2 - 4.53.3 ### Workarounds If an immediate upgrade is not possible, users should put the debug/pprof endpoints behind an IP allowlist. ### For more information If you have any questions or comments about this advisory: Email us at [security@fleetdm.com](mailto:security@fleetdm.com) Join #fleet in [osquery Slack](https://join.slack.com/t/osquery/shared_invite/zt-h29zm0gk-s2DBtGUTW4CFel0f0IjTEw)

### Impact If Windows MDM is enabled, an attacker could exploit a cross-site scripting (XSS) vulnerability by convincing an authenticated Fleet user to visit a malicious link. Successful exploitation could allow retrieval of the user’s Fleet authentication token from their browser. A compromised authentication token may grant administrative access to the Fleet API, allowing an attacker to perform privileged actions such as deploying scripts to managed hosts. This issue does not allow unauthenticated access and does not affect instances where Windows MDM is disabled. ### Patches - 4.78.2 - 4.77.1 - 4.76.2 - 4.75.2 - 4.53.3 ### Workarounds If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM. ### For more information If you have any questions or comments about this advisory: Email us at [security@fleetdm.com](mailto:security@fleetdm.com) Join #fleet in [osquery Slack](https://join.slack.com/t/osquery/shared_invite/zt-h29zm0gk-s2DB...

Atlanta, GA, United States, 20th January 2026, CyberNewsWire