Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-cmpr-8prq-w5p5: Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to Confluence spaces, which allows attackers to edit subscriptions for Confluence spaces that users do not have access to through the edit subscription endpoint.

ghsa
Open in Source
#vulnerability#auth
GHSA-vpcr-fqpc-386h: Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to the channel, which allows attackers to get channel subscription details without proper access to the channel via an API call to the Get Channel Subscriptions details endpoint.

BlackSuit Ransomware Takes an Infrastructure Hit From Law Enforcement

A swarm of US agencies joined with international partners to take down servers and domains and seize more than $1 million associated with BlackSuit (Royal) ransomware operations, a group that has been a chronic, persistent threat against critical infrastructure.

Carmaker Portal Flaw Could Let Hackers Unlock Cars, Steal Data

A security vulnerability in a major carmaker’s online portal exposed customer data and could have let hackers remotely…

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack

REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian government was instrumental to the attack's execution.

Black Hat NOC Expands AI Implementation Across Security Operations

Corelight's James Pope gives Dark Reading an inside look at this year's Black Hat Network Operations Center, detailing security challenges and rising trends — many related to increased AI use.

Researchers Warn of 'Hidden Risks' in Passwordless Account Recovery

Passwordless authentication is becoming more common, but account recovery poses increased risks that can lead to account takeovers. It's especially dangerous because even low-skilled attackers can achieve success.

Ghanaian Nationals Extradited to US Over $100M, BEC, Romance Scams

Three Ghanaian men have been extradited to the US over $100 million fraud involving romance scams and business…

Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours

Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing directions for making a Molotov cocktail.

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications

Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic. Details of the vulnerabilities – dubbed 2TETRA:2BURST – were presented at the Black Hat USA