Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-hqhq-hp5x-xp3w: GoBGP does not properly check the input length

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

ghsa
Open in Source
#vulnerability#perl#auth
GHSA-7m35-vw2c-696v: GoBGP panics due to a zero value for softwareVersionLen

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

Did DOGE “breach” Americans’ data? (Lock and Code S06E08)

This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.

Did DOGE “breach” Americans’ data? (Lock and Code S06E08)

This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.

GHSA-wm65-ph3w-587c: QMarkdown Cross-Site Scripting (XSS) vulnerability

QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool

Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…

Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats

Midnight Blizzard (APT29/Cozy Bear) targets European embassies and Ministries of Foreign Affairs with sophisticated phishing emails disguised as…

GHSA-wvcx-j62q-45qw: one-api Cross-site Scripting vulnerability

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain