#auth

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code execution despite employing static and dynamic checks. Attackers can exploit whitelisted modules and functions to execute arbitrary code, compromising the host system. This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. The issue is resolved in version 1.17.0.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.

BreachForums resurfaces on its original .onion domain amid law enforcement crackdowns, raising questions about its admin, safety and future.

### Summary The HAX CMS API endpoints do not perform authorization checks when interacting with a resource. Both the JS and PHP versions of the CMS do not verify that a user has permission to interact with a resource before performing a given operation. ### Details The API endpoints within the HAX CMS application check if a user is authenticated, but don't check for authorization before performing an operation. #### Affected Resources - [Operations.php: 760](https://github.com/haxtheweb/haxcms-php/blob/b158d8ba1f9602af92ab084fd03b418f953079fd/system/backend/php/lib/Operations.php#L760) `createNode()` - [Operations.php: 868](https://github.com/haxtheweb/haxcms-php/blob/b158d8ba1f9602af92ab084fd03b418f953079fd/system/backend/php/lib/Operations.php#L868) `saveNode()` - [Operations.php: 1171](https://github.com/haxtheweb/haxcms-php/blob/b158d8ba1f9602af92ab084fd03b418f953079fd/system/backend/php/lib/Operations.php#L1171) `deleteNode()` - [Operations.php: 1789](https://github.com/haxth...

International law enforcement agencies, including the FBI and Europol, have successfully seized the infrastructure of the notorious BlackSuit ransomware gang in Operation Checkmate. This article details the takedown, BlackSuit's origins, and the ongoing fight against evolving cyber threats.

#### **Overview** A critical vulnerability has been identified in the `tj-actions/branch-names` GitHub Action workflow which allows arbitrary command execution in downstream workflows. This issue arises due to inconsistent input sanitization and unescaped output, enabling malicious actors to exploit specially crafted branch names or tags. While internal sanitization mechanisms have been implemented, the action outputs remain vulnerable, exposing consuming workflows to significant security risks. #### **Technical Details** The vulnerability stems from the unsafe use of the `eval printf "%s"` pattern within the action's codebase. Although initial sanitization using `printf "%q"` properly escapes untrusted input, subsequent unescaping via `eval printf "%s"` reintroduces command injection risks. This unsafe pattern is demonstrated in the following code snippet: ```bash echo "base_ref_branch=$(eval printf "%s" "$BASE_REF")" >> "$GITHUB_OUTPUT" echo "head_ref_branch=$(eval printf "%s" "$...

## Summary An inconsistency in `OperatorFuncNode` can be exploited to hide the execution of untrusted `operator.xxx` methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. **Note:** This report focuses on `operator.call` as it appears to be the most interesting target, but the same technique applies to other `operator` methods. Moreover, please do not focus too much on the specific example used to hide the `operator.call` invocation—it was a zero-effort choice meant solely to demonstrate the issue. The key point is the **inconsistency** that allows a user to approve a type as trusted, while in reality enabling the execution of `operator.xxx`. ## Details The `OperatorFuncNode` allows calling methods belonging to the `operator` module and included in a trusted list of methods. However, what is returned by `get_untrusted_types` and checked during the `load` call is no...

A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter.

Medusa Ransomware breached NASCAR, demanded $4 million, leaked sensitive data including maps and staff info, exposing major security failures. The incident was exclusively reported by Hackread.com.

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities parameter and changing its value to ROLE_ADMIN, the privilege is successfully escalated to an Admin level. This allowed the access to all admin-related functionalities in the application.