Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Drilling Down on Uncle Sam’s Proposed TP-Link Ban

The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.

Krebs on Security
Open in Source
#vulnerability#microsoft#amazon#cisco#pdf#botnet#hard_coded_credentials#asus#auth#wifi#blog
The Government Shutdown Is a Ticking Cybersecurity Time Bomb

Many critical systems are still being maintained, and the cloud provides some security cover. But experts say that any lapses in protections like patching and monitoring could expose government systems.

GHSA-vm2f-46xc-5jc3: AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage.

GHSA-xrj9-mw57-j34v: AstrBot contains a directory traversal vulnerability

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validity of the filename. The variable file_path is then passed as a parameter to the function `file.save`, so that the file in the request body can be saved to any location in the file system through directory traversal.

GHSA-cm35-v4vp-5xvx: Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

### Summary Open WebUI v0.6.33 and below contains a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) `execute` events. This leads to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker's malicious model URL, achievable through social engineering of the admin and subsequent users. ### Details ROOT CAUSE ANALYSIS: Open WebUI's Direct Connections feature allows users to add external OpenAI-compatible model servers without proper validation of the Server-Sent Events (SSE) these servers emit. VULNERABLE COMPONENT: Frontend SSE Event Handler The frontend JavaScript code processes SSE events from external servers and specifically handles an `execute` eve...

From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government

Mexico City Is the Most Video-Surveilled Metropolis in the Americas

Despite 83,000 public cameras, crime in Mexico City remains high—and widespread surveillance raises myriad ethical issues.

Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts

Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments. The approach is designed to tackle a common practice called review bombing, where online users intentionally post negative user reviews in an

GHSA-xmq3-q5pm-rp26: Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade.

GHSA-fv2r-r8mp-pg48: Soft Serve does not sanitize ANSI escape sequences in user input

### Impact In several places where the user can insert data (e.g. names), ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository Description (pkg/backend/repo.go - SetDescription) 2. Repository Project Name (pkg/backend/repo.go - SetProjectName) 3. Git Commit Author Names (pkg/ssh/cmd/commit.go:69) 4. Git Commit Messages (pkg/ssh/cmd/commit.go:71) 5. Access Token Names (pkg/ssh/cmd/token.go:107) 6. Webhook URLs (pkg/ssh/cmd/webhooks.go:72) ### Patches v0.11.0 ### Workarounds No. ### References n/a