Security
Headlines
HeadlinesLatestCVEs

Latest News

US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns

Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops.

DARKReading
Open in Source
GHSA-v5w9-prxf-w882: Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)

### Summary An unauthenticated attacker can exploit the unprotected registration endpoint (/register) to create a new user and bypass authentication. ### Details Critical vulnerability in Flowise 3.0.1 on-premise deployment allows unauthenticated attackers to exploit the /api/v1/account/register endpoint to add a new user and log in using it, enabling authentication bypass. Meaning that the register functionality is by default open, allowing attackers to create an account and use the api without any restrictions or credentials. ### PoC A Flowise 3.0.1 instance was deployed via Docker for the purpose of this demonstration. ![1 Docker](https://github.com/user-attachments/assets/fb0b8627-63e3-4523-881f-a0ff6352b678) After successful deployment the instance setup organization page allows us to register the first account in the system. ![1 newly deployed instance](https://github.com/user-attachments/assets/39d56738-eb97-469e-b96e-61cd7cec64a8) Creating the first user [research@evasec.io...

ghsa
Open in Source
#vulnerability#git#auth#docker
GHSA-7xvh-c266-cfr5: @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message

### Description Since version 4.12.0, Dependency-Track users with the `SYSTEM_CONFIGURATION` permission can configure a "welcome message", which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not properly sanitize the HTML, allowing arbitrary JavaScript to be executed. ### Impact Users with the `SYSTEM_CONFIGURATION` permission (i.e., administrators), can exploit this weakness to execute arbitrary JavaScript for users browsing to the login page. ### Patches The issue has been fixed in version 4.13.6. ### References * The issue was introduced via: https://github.com/DependencyTrack/frontend/pull/986 * The issue was fixed via: https://github.com/DependencyTrack/frontend/pull/1378 ### Credit Thanks to *Jonas Benjamin Friedli* for identifying and responsibly disclosing the issue.

GHSA-5j98-mcp5-4vw2: glob CLI: Command injection via -c/--cmd executes matches with shell:true

### Summary The glob CLI contains a command injection vulnerability in its `-c/--cmd` option that allows arbitrary command execution when processing files with malicious names. When `glob -c <command> <patterns>` is used, matched filenames are passed to a shell with `shell: true`, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. ### Details **Root Cause:** The vulnerability exists in `src/bin.mts:277` where the CLI collects glob matches and executes the supplied command using `foregroundChild()` with `shell: true`: ```javascript stream.on('end', () => foregroundChild(cmd, matches, { shell: true })) ``` **Technical Flow:** 1. User runs `glob -c <command> <pattern>` 2. CLI finds files matching the pattern 3. Matched filenames are collected into an array 4. Command is executed with matched filenames as arguments using `shell: true` 5. Shell interprets metacharacters in filenames as c...

GHSA-fxm2-cmwj-qvx4: phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality

### Summary An authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ (v4.0.13 and prior) allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. ### Details The vulnerability exists in the `save` method within the `src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php` controller. This method handles the saving of application-wide configuration settings. It retrieves all submitted form data as an associative array via `$request->get('edit')`. The core of the issue is that while the *values* of this array are processed, the *keys* are trusted implicitly and are not sanitized or validated. **File:** `src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php` ```php...

The price of ChatGPT’s erotic chat? $20/month and your identity

This is how surveillance gets normalized: one “safety” feature at a time.

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT

Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT. The activity, observed this month, is being tracked by eSentire under the moniker EVALUSION. First spotted in June 2025, Amatera is assessed to be an evolution of ACR (short for "AcridRain") Stealer, which was available under the

Everest Ransomware Says It Stole Data of Millions of Under Armour Users

Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files.

Your coworker is tired of AI &#8220;workslop&#8221; (Lock and Code S06E23)

This week on the Lock and Code podcast, we speak with Dr. Kristina Rapuano about AI "workslop" and its impact on people and their attitudes.

Cursor Issue Paves Way for Credential-Stealing Attacks

Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.