Security
Headlines

Latest News

OpenShift Commons Security Special Interest Group (SIG) at Red Hat Summit 2024

Red Hat Summit, the premier open source event, reached new heights this past May by ascending to the Mile High City of Denver, Colorado. The mix of Red Hat customers, enthusiasts and members of the open source community made it an ideal location for the latest OpenShift Commons Gathering. Like other OpenShift Commons Gathering events, it took place as a day-0 event before the official start of Red Hat Summit. But what made this event extra special was that it also coincided with the first ever Community Day, which brought together the communities driving Red Hat OpenShift, Red Hat Enterpris

Red Hat Blog
#linux #red_hat #kubernetes
Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation

French authorities detained Durov to question him as part of a probe into a wide range of alleged violations—including money laundering and CSAM—but it remains unclear if he will face charges.

PSA: These ‘Microsoft Support’ ploys may just fool you

We came across a clever abuse of Google and Microsoft's services that fooled us for a minute. See if you could have spotted it.

GHSA-22xm-w7r2-834q: FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function

A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

GHSA-grqx-r2q2-j425: FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function

A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

GHSA-6jrj-vc65-c983: unzip-stream allows Arbitrary File Write via artifact extraction

Impact: When using the `Extract()` method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to.

Patches: Fixed in 0.3.2

References:
- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2

Credits: Justin Taft from Google

Debian Security Advisory 5758-1

Debian Linux Security Advisory 5758-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling.

Das U-Boot Buffer Overread

Das U-Boot suffers from a buffer overread vulnerability. An attacker with access to the local network and faster response times than the default DHCP server can trigger a memory leak by responding with malicious DHCP offers to a vulnerable U-Boot DHCP client.

Invesalius 3.1 Remote Code Execution

Invesalius versions 3.1.99991 through 3.1.99998 suffer from a remote code execution vulnerability. The exploitation steps of this vulnerability involve the use of a specifically crafted DICOM file which, once imported inside the victim's client application, allows an attacker to gain remote code execution.

Faraday 5.6.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.