#auth

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue.

Is moving from WhatApp to Signal a good idea? We look at the pros and cons, and which settings can make Signal even more private.

Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver's licenses, bank statements, and more.

Affected versions of this crate only validated the `index` argument of `HashTable::get_bucket` and `HashTable::get_chain` against the input-controlled `bucket_count` and `chain_count` fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a consumer of the HashTable API by setting these fields to inappropriately large values that would fall outside the relevant hash table section, and by introducing correspondingly out-of-bounds hash table indexes elsewhere in the ELF file.

### Describe the Bug In Directus, when a **Flow** with the "_Webhook_" trigger and the "_Data of Last Operation_" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. This issue poses a significant security risk, as any unintended exposure of this data could lead to potential misuse.    ### To Reproduce **Steps to Reproduce:** 1. Create a Flow in Directus with: - Trigger: Webhook - Response Body: Data of Last Operation 2. Add a condition that is likely to fail. 3. Trigger the Flow with any input data that will fail the condition...

Cybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and data…

The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

### Summary Since the user status is not checked when verifying a session token a suspended user can use the token generated in session auth mode to access the API despite their status. ### Details There is a check missing in `verifySessionJWT` to verify that a user is actually still active and allowed to access the API. Right now one can extract the session token obtained by, e.g. login in to the app while still active and then, after the user has been suspended continue to use that token until it expires. ### PoC * Create an active user * Log in with that user and note the session cookie * Suspend the user (and don't trigger an `/auth/refresh` call, as that invalidates the session * Access the API with `Authorization: Bearer <token>` ### Impact This weakens the security of suspending users.

### Impact SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. ### Workarounds Upgrading is required, no other workaround is present.

Researchers have uncovered a critical vulnerability (CVE-2025-29927) in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes.