
Tag

#auth

'PoisonSeed' Attacker Skates Around FIDO Keys

Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.

DARKReading

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico. It specializes in the

GHSA-6v2p-p543-phr9: golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

PoisonSeed Tricking Users Into Bypassing FIDO Keys With QR Codes

PoisonSeed group tricks users into bypassing FIDO Keys by misusing QR code logins, highlighting new social engineering risk to secure MFA.

Nearly 2,000 MCP Servers Possess No Security Whatsoever

Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.

GHSA-r7q6-6fmq-mx4c: Filemanager is vulnerable to Relative Path Traversal through filemanager.php

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.

GHSA-f8vw-8vgh-22r9: XXL-JOB is vulnerable to SSRF attacks

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

GHSA-83j7-mhw9-388w: Keycloak is vulnerable to bad actors escalating privileges through its Fine-Grained Admin Permissions

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

GHSA-7h34-9chr-58qh: Mattermost Missing Authentication for Critical Function

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.