Latest News

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.93 3/26/2025 134.0.6998.177/.178

Tory Hunt, security expert and Have I Been Pwned owner, disclosed a phishing attack against him in a commendable display of transparency.

A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo—until WIRED asked about it.

### Summary User supplied values passed through to certain attributes in form widgets are not fully escaped for potentially dangerous tokens, and in some cases are rendered in browser as valid html tags. ### Details Attributes passed to the widget (such as `label_field`) containing `<`, `>`, and similar tokens are not fully escaped. This results in some raw values reaching the widget, and rendering in part or fully. For example, a label of: `"Test User <script>I can pass this to the label_field and it gets rendered</script>"` is rendered in the choices's label visually as `"Test User "` with the trailing space, and what appears as an un-executed script tag following it (which is visible when viewing source). The actual output rendered in the browser for this example is: `<div role="option" data-value="63f205b6" class="item" data-ts-item="">Test User <script>I can pass this to the label_field and it gets rendered</script></div>` The script tags appears to be valid in Chrome dev tool...

Affected versions of this crate only validated the `index` argument of `HashTable::get_bucket` and `HashTable::get_chain` against the input-controlled `bucket_count` and `chain_count` fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a consumer of the HashTable API by setting these fields to inappropriately large values that would fall outside the relevant hash table section, and by introducing correspondingly out-of-bounds hash table indexes elsewhere in the ELF file.

### Describe the Bug In Directus, when a **Flow** with the "_Webhook_" trigger and the "_Data of Last Operation_" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. This issue poses a significant security risk, as any unintended exposure of this data could lead to potential misuse.    ### To Reproduce **Steps to Reproduce:** 1. Create a Flow in Directus with: - Trigger: Webhook - Response Body: Data of Last Operation 2. Add a condition that is likely to fail. 3. Trigger the Flow with any input data that will fail the condition...

Cybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and data…

The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

### Summary The `search` query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the enumeration of unknown field contents. ### Details The searchable columns (numbers & strings) are not checked against permissions when injecting the `where` clauses for applying the search query. This leads to the possibility of enumerating those un-permitted fields. ### PoC - Create a collection with a string / numeric field, configure the permissions for the public role to not include the field created - Create items with identifiable content in the not permitted field - Query the collection and include the field content in the `search` parameter - See that results are returned, even tho the public user does not have permission to view the field content ### Impact This vulnerability is a very high impact, as for example Directus instances which allow public read access to the user avatar are vulnerable to have th...

### Summary Since the user status is not checked when verifying a session token a suspended user can use the token generated in session auth mode to access the API despite their status. ### Details There is a check missing in `verifySessionJWT` to verify that a user is actually still active and allowed to access the API. Right now one can extract the session token obtained by, e.g. login in to the app while still active and then, after the user has been suspended continue to use that token until it expires. ### PoC * Create an active user * Log in with that user and note the session cookie * Suspend the user (and don't trigger an `/auth/refresh` call, as that invalidates the session * Access the API with `Authorization: Bearer <token>` ### Impact This weakens the security of suspending users.