Tag
#auth
Researchers uncovered a way to steal data from Microsoft Copilot users with a single malicious link.
As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models. Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over 900,000 users. Separately, researchers
Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses. The effort, per the tech giant, is part of a broader operation in collaboration with law enforcement authorities that has allowed it to confiscate the malicious
Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), has been described as a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS software arising as a result of an improper check for
### Summary

The `RedirectSlashes` function in middleware/strip.go does not perform correct input validation and can lead to an open redirect vulnerability.

### Details

The `RedirectSlashes` function performs a `Trim` of all forward slash (`/`) characters, while prepending a single one at the beginning of the path (Line 52). However, it does not trim backslashes (`\`).

```go
File: middleware/strip.go
41: func RedirectSlashes(next http.Handler) http.Handler {
...
51:     // Trim all leading and trailing slashes (e.g., "//evil.com", "/some/path//")
52:     path = "/" + strings.Trim(path, "/")
...
62: }
```

Also, from version 5.2.2 onwards the `RedirectSlashes` function does not take into consideration the `Host` header in the redirect response returned. This was done in order to combat another [vulnerability](https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93). The above makes it possible for a ...
### Summary

An **incomplete SQL injection patch** in the Admin Search Find API allows an authenticated attacker to perform **blind SQL injection**. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (`--`) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to **database information disclosure**.

### Details

The vulnerability exists in the Admin Search Find API endpoint:

```
/admin/search/search/find
```

In CVE-2023-30848, the following patch was applied:

- SQL comments are removed by replacing `--`
- SQL syntax errors are caught and replaced with a generic exception

Relevant commit: https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3

Key changes include:

```
// remove sql comments
$fields = str_replace('--', '', $fields);
try {
    $hit...
```
A successful e-commerce platform requires more than just a good-looking design. Security, stability, speed, and scalability are key…
### Impact

html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing malicious scripts to be run in the client browser and risking the confidentiality, integrity, and availability of the page's data.

Example attack vector:

```js
import html2pdf from 'html2pdf.js/src/index.js';

const maliciousHTML = '<img src=x onerror="alert(document.cookie)">';
html2pdf(maliciousHTML);
// or
html2pdf().from(maliciousHTML);
```

### Patches

This vulnerability has been fixed in html2pdf.js@0.14.0 to sanitize text sources using DOMPurify. There are no other breaking changes in this version.

### Workarounds

Users of earlier versions of html2pdf.js must safely sanitize any text before using it as a source in html2pdf.js.

### References

- Initial report: https://github.com/eKoopmans/html2pdf.js/issues/865
- Fix: https://github.com/eKoopmans/html2pdf.js/pull/877, [v0....
### Impact

The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing header validation makes it possible for an attacker to modify HTTP requests (e.g. insert a new header) or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input directly into headers. The server part is not affected because BlackSheep delegates handling of response headers to the underlying ASGI server.

**Attack vector:** Applications using user input in HTTP client requests (method, URL, headers).

### Patches

Users who use the HTTP Client in BlackSheep should upgrade to `2.4.6`.

### Workarounds

If users handle headers from untrusted parties, they should reject header names and values that contain carriage returns or line feeds.

### References

https://owasp.org/www-community/vulnerabilities/CRLF_Injection
### Impact

The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename.

### Patches

* https://github.com/WeblateOrg/weblate/pull/17516

### References

Thanks to Lukas May and Michael Leu for reporting this.