Security
Headlines
HeadlinesLatestCVEs

Latest News

Hackers Use Social Engineering to Target Expert on Russian Operations

Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats.

HackRead
Open in Source
#web#google#git#intel#pdf#auth
GHSA-qwwm-c582-82rx: Mattermost allows unauthorized channel member management through playbook runs

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public and private channels by manipulating playbook run participants when the run is linked to a channel.

GHSA-4578-6gjh-f2jm: Mattermost allows an unauthorized Guest user access to Playbook

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

GHSA-mgfv-2362-jq96: DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input

DNN.PLATFORM allows a specially crafted series of malicious interaction can expose NTLM hashes to a third party SMB server. This vulnerability is fixed in 10.0.1.

GHSA-fjhg-3mrh-mm7h: DNN.PLATFORM possibly allows bypass of IP Filters

DNN.PLATFORM allows a specially crafted request or proxy could be created that would bypass the design of DNN Login IP Filters allowing login attempts from IP Adresses not in the allow list. This vulnerability is fixed in 10.0.1.

Telecom Giant Viasat Is Latest Salt Typhoon Victim

The communications company shared the discoveries of its investigation with government partners, but there is little information they can publicly disclose other than that there seems to be no impact on customers.

GHSA-wwc9-wmm3-2pmf: DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed

DNN.PLATFORM allows a specially crafted request can inject scripts in the Activity Feed Attachments endpoint which will then render in the feed, resulting in a cross-site scripting attack. This vulnerability is fixed in 10.0.1.

GHSA-pf4h-vrv6-cmvr: DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects

DNN.PLATFORM allows specially crafted content in URLs could be used with TokenReplace and not be properly sanitized by some SkinObjects. This vulnerability is fixed in 10.0.1.

How Cyber Warfare Changes the Face of Geopolitical Conflict

As geopolitical tensions rise, the use of cyber operations and hacktivists continues to grow, with the current conflict between Israel and Iran showing the new face of cyber-augmented war.

How to Lock Down the No-Code Supply Chain Attack Surface

Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.