Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the

The Hacker News
Open in Source
#xss#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#amazon#linux#cisco#ddos#apache#nodejs#js#git#intel#c++#backdoor#rce#perl#pdf#oauth#auth#ssh#telnet#zero_day#docker#chrome#sap#ssl#The Hacker News
Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response

Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin.

GHSA-cxvc-g8f2-4gmm: Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data

There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.

Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens

Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted.

ICE Has Spyware Now

Plus: An AI chatbot system is linked to a widespread hack, details emerge of a US plan to plant a spy device in North Korea, your job’s security training isn’t working, and more.

Defense Department Scrambles to Pretend It’s Called the War Department

President Donald Trump said the so-called Department of War branding is to counter the “woke” Department of Defense name.

GHSA-xh7v-965r-23f7: Atlantis Exposes Service Version Publicly on /status API Endpoint

### Summary Atlantis publicly exposes detailed version information on its `/status` endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. ### Details The `/status` endpoint in Atlantis returns not only a health check but also detailed version and build information. This disclosure violates the principle of minimizing exposed sensitive metadata and can be leveraged by adversaries to correlate the version information with public vulnerability databases, including CVE listings. Although Atlantis is a public repository maintained by an external team, reducing this exposure can lessen the overall risk of targeted attacks. For example, the source code handling the `/status` endpoint exposes version details that allow one to infer software dependencies and system configurations. Best practices, including guidelines from the [OWASP Top 10](https:/...

GHSA-j6xf-jwrj-v5qp: Coder vulnerable to privilege escalation could lead to a cross workspace compromise

## Summary Insecure session handling opened room for a privilege escalation scenario in which [prebuilt workspaces](https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces) could be compromised by abusing a shared system identity. ## Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via [`coder_workspace_owner.session_token`](https://registry.terraform.io/providers/coder/coder/latest/docs/data-sources/workspace_owner#session_token-1). Prebuilt workspaces are initially owned by a built-in `prebuilds` system user. When a prebuilt workspace is claimed, a new session token is generated for the user that claimed the workspace, but the previous session token for the `prebuilds` user was not expired. Any Coder workspace templates that persist this automatically generated session token are potentially impacted. For example, the [coder-login module](https://github.com/coder/registry/blob/8677e7...

GHSA-23hg-53q6-hqfg: ImageMagick BlobStream Forward-Seek Under-Allocation

**Reporter:** Lumina Mescuwa **Product:** ImageMagick 7 (MagickCore) **Component:** `MagickCore/blob.c` (Blob I/O - BlobStream) **Tested:** 7.1.2-0 (source tag) and 7.1.2-1 (Homebrew), macOS arm64, clang-17, Q16-HDRI **Impact:** Heap out-of-bounds **WRITE** (attacker-controlled bytes at attacker-chosen offset) → memory corruption; potential code execution --- ## Executive Summary For memory-backed blobs (**BlobStream**), [`SeekBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5106-L5134) permits advancing the stream **offset** beyond the current end without increasing capacity. The subsequent [`WriteBlob()`](https://github.com/ImageMagick/ImageMagick/blob/3fcd081c0278427fc0e8ac40ef75c0a1537792f7/MagickCore/blob.c#L5915-L5938) then expands by **`quantum + length`** (amortized) instead of **`offset + length`**, and copies to `data + offset`. When `offset ≫ extent`, the copy targets memory beyond the allocatio...

GHSA-6859-2qxq-ffv2: pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.