Latest News

### Summary Picklescan uses numpy.f2py.crackfortran.param_eval, which is a function in numpy to execute remote pickle files. ### Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.param_eval function via reduce method. - Then, when the victim checks whether the pickle file is safe by using the Picklescan library and this library doesn't detect any dangerous functions, they decide to use pickle.load() on this malicious pickle file, thus leading to remote code execution. ### PoC ``` class RCE: def __reduce__(self): from numpy.f2py.crackfortran import param_eval return (param_eval,("os.system('ls')",None,None,None)) ``` ### Impact Any organization or individual relying on picklescan to detect malicious pickle files inside PyTorch models. Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded. Attackers can distrib...

### Summary A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose **display name** contains HTML entities (e.g., `<img ...>`). When an administrator views the admin user list, the payload is decoded server-side and rendered without escaping, resulting in script execution in the admin context. ### Details Root cause is the following chain: - **User-controlled input stored**: attacker-provided `display_name` (real name) is stored in DB (often as HTML entities, e.g., `<img ...>`). - **Decode on read**: `phpmyfaq/src/phpMyFAQ/User/UserData.php` decodes `display_name` using `html_entity_decode(...)` (“for backward compatibility”). - **Unsafe sink**: admin user list renders the decoded value unescaped using Twig `|raw`: - `phpmyfaq/assets/templates/admin/user/users.twig` (users table uses `{{ user.display_name|raw }}`) As a result, an entity-encoded payload becomes active ...

### Summary A Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding (e.g., `localtest.me` which resolves to `127.0.0.1`) or open redirect services (e.g., `httpbin.org/redirect-to`). This allows an authenticated user to make the server initiate HTTP requests to internal network resources. ### Details The vulnerability exists in the `isPublicUrl` function located in `/api/lib/utils.ts`. The function validates webhook URLs against a blocklist of private IP patterns: ```typescript export const isPublicUrl = (url: string): boolean => { const parsed = new URL(url); const hostname = parsed.hostname.toLowerCase(); const blockedPatterns = [ /^localhost$/, /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^192\.168\.\d{1,3}\.\d{1,3}$/, // ... other patterns ]; return...

Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report.

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

### Summary Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy to execute remote pickle files. ### Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its reduce method - Then, when the victim checks whether the pickle file is safe by using the Picklescan library and this library doesn't detect any dangerous functions, they decide to use pickle.load() on this malicious pickle file, thus leading to remote code execution. ### PoC ``` class RCE: def __reduce__(self): from numpy.f2py.crackfortran import myeval return (myeval, ("os.system('ls')",)) ``` ### Impact Any organization or individual relying on picklescan to detect malicious pickle files inside PyTorch models. Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded. Attackers can distribute infected pickle files ac...

### Summary Picklescan uses `operator.methodcaller`, which is a built-in python library function to execute remote pickle files. ### Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the `operator.methodcaller` function in method `reduce`. - Then, when the victim checks whether the pickle file is safe using the Picklescan library and this library doesn't detect any dangerous functions, they decide to use pickle.load() on this malicious pickle file, thus leading to remote code execution. ### PoC ``` import pickle import pickletools opcode1 = b'''cbuiltins __import__ (Vos tRp0 0coperator methodcaller (Vsystem Vecho "pwned by operator.methodcaller" tR(g0 tR.''' pickletools.dis(opcode1) pickle.loads(opcode1) ``` This PoC can't be easily created by pickle.dumps, therefore it was manually built. ### Impact Any organization or individual relying on picklescan to detect malicious pickle files inside PyTorch models. Attackers ca...

Crypto phishing scams surged 83% in 2025, targeting wallets with fake sites, approval tricks, and poisoned addresses. One click can drain your funds.

Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data.

Dark Reading Confidential Episode 13: Developers are exposing their organizations' most sensitive information; our guests explain why it's happening and how to stop it.