Latest News

The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.

Misconfigured license-plate-recognition systems reveal the livestreams of individual cameras and the wealth of data they collect about every vehicle that passes by them.

AI-supported spear phishing emails tricked 54% of users in a controlled study that compared AI and human cybercriminal success rates.

The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.

### Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input (such as user comments) to be parsed and handled safely by the PHP-Textile library. In restricted mode, the version 4.1.2 of the library does not sanitize or validate user-controllable href input in image links, but allows any link protocol or JavaScriptt links to be used. The vulnerability allows an attacker to add malicious JavaScript code to the page which is then executed when an unexpecting user clicks the link. In non-restricted mode, the library allows mixed HTML input, and any link protocol by design. In restricted mode, text links were already handled correctly and the vulnerability only affects image links. ### Resolution This issue was fixed in PHP-Textile version 4.1.3. Version 4.1.3 disallows use of JavaScript in image links when the ...

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

Philadelphia, Pennsylvania, 7th January 2025, CyberNewsWire

### Impact Users of WireGuard Portal v2 who have OAuth (or OIDC) authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. ### Patches The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The [docker images](https://hub.docker.com/r/wgportal/wg-portal) for the tag 'latest' built from the master branch also include the fix.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

### Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. ### Patches matrix-sdk-crypto 0.8.0 adds a new `VerificationLevel::VerificationViolation` enum variant which indicates that a previously verified identity has been changed. ### Workarounds N/A ### References - Patch: https://github.com/matrix-org/matrix-rust-sdk/pull/3795