Latest News

### Summary The site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users. ### Impact The attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability. ### Patches - [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation. ### Details By embedding "<!--", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute. ### PoC  1. The page where the vulnerability was found, and the attack surface is the Title field. ![image](https://github.com/user-attachment...

Microsoft exposes Storm-2139, a cybercrime network exploiting Azure AI via LLMjacking. Learn how stolen API keys enabled harmful…

One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

Not getting enough views or traffic to your podcasts? Try this stunning AI audio-to-video generator to transform your…

### Summary If untrusted user input is used to dynamically create a `PebbleTemplate` with the method `PebbleEngine#getLiteralTemplate`, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of `PebbleTemplate#evaluate`. This is done via the `include` macro. ### Details The `include` macro calls `PebbleTempateImpl#resolveRelativePath` with the `relativePath` argument passed within the template: Example template: ``` {% include [relativePath] %} ``` When `resolveRelativePath` is called, the `relativePath` is resolved against the `PebbleTemplateImpl.name` variable. ```java /** * This method resolves the given relative path based on this template file path. * * @param relativePath the path which should be resolved. * @return the resolved path. */ public String resolveRelativePath(String relativePath) { String resolved = this.engine.getLoader().resolveRelativ...

360XSS campaign exploits Krpano XSS to hijack search results & distribute spam ads on 350+ sites, including government,…

Two denial of service vulnerabilities were found in ntpd-rs related to the handling of NTS cookies in our client functionality. Whenever an NTS source is configured and the server behind that source is sending zero-sized cookies or cookies larger than what would fit in our buffer size, ntpd-rs would crash. Only configured NTS sources can abuse these vulnerabilities. NTP sources or third parties that are not configured cannot make use of these vulnerabilities. For zero-sized cookies: a division by zero would force an exit when the number of new cookies that would need to be requested is calculated. In ntpd-rs 1.5.0 a check was added to prevent the division by zero. For large cookies: while trying to send a NTP request with the cookie included, the buffer is too small to handle the cookie and an exit of ntpd-rs is forced once a write to the buffer is attempted. The memory outside the buffer would not be written to in this case. In ntpd-rs 1.5.0 a check was added that prevents accepting...

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: Critical (Considerable Impact; Almost Certain Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md)) Affected versions: IBC-Go >= v7; Earlier IBC-Go versions may also be affected. Affected users: Validators, Full nodes, IBC Middleware authors ### Description An issue was discovered in IBC-Go's deserialization of acknowledgements that results in non-deterministic behavior which can halt a chain. Any user that can open an IBC channel can introduce this state to the chain ### Patches The new IBC-Go releases below address this issue: * [v7.9.2](https://github.com/cosmos/ibc-go/releases/tag/v7.9.2) * [v8.6.1](https://github.com/cosmos/ibc-go/releases/tag/v8.6.1) ### Workarounds To prevent this state from being introduced to a chain, it is possible to permission Channel Opening as a workaroun...

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite," the international non-governmental

Three more stalkerware apps have been found to leak data of both victims and customers alike: Spyzie, Cocospy, and Spyic