Security Headlines

Tag: #auth
McDonald’s AI Hiring Tool McHire Leaked Data of 64 Million Job Seekers

Major security flaw in McDonald’s AI hiring tool McHire exposed 64M job applications. Discover how an IDOR vulnerability…

HackRead (#vulnerability #web #auth)

DHS Tells Police That Common Protest Activities Are ‘Violent Tactics’

DHS is urging law enforcement to treat even skateboarding and livestreaming as signs of violent intent during a protest, turning everyday behavior into a pretext for police action.

GHSA-25xr-qj8w-c4vf: Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

GHSA-wr62-c79q-cv37: Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

GHSA-4j3c-42xv-3f84: Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue.

GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

### Impact

The HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable in practice, as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system.

### Patches

The patch has been implemented by [commit `1385bd8`](https://github.com/ctfer-io/chall-manager/commit/1385bd869142651146cd0b123085f91cec698636) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4).

### Workarounds

No workarounds exist.

### References

N/A

GHSA-r7fm-3pqm-ww5w: Chall-Manager's scenario decoding process does not check for zip bombs

### Impact

When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to decompression of zip bombs. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable in practice, as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system.

### Patches

The patch has been implemented by [commit `14042aa`](https://github.com/ctfer-io/chall-manager/commit/14042aa66a577caee777e10fe09adcf2587d20dd) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4).

### Workarounds

No workarounds exist.

### References

N/A

GHSA-3gv2-v3jx-r9fh: Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive

### Impact

When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slip (path traversal) writes. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable in practice, as it is **highly** recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system.

### Patches

The patch has been implemented by [commit `47d188f`](https://github.com/ctfer-io/chall-manager/commit/47d188fda5e3f86285e820f12ad9fb6f9930662c) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4).

### Workarounds

No workarounds exist.

### References

N/A

GHSA-275g-g844-73jh: Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

An SQL injection vulnerability in the `EventCache::find_event_with_relations` method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly pass relation types provided by those room members into this method, when used with the default sqlite-based store backend. Exploitation is unlikely, as no known clients currently use the API in this manner.

### Workarounds

Passing only trusted (or sanitised) relation types to the `filter` argument of `EventCache::find_event_with_relations()` avoids the issue.

### Patches

The issue is fixed in matrix-sdk 0.13.

### References

The issue was introduced in https://github.com/matrix-org/matrix-rust-sdk/pull/4849.

UK Arrests Woman and Three Men for Cyberattacks on M&S, Co-op and Harrods

Four suspects have been arrested by the NCA over the April/May 2025 cyberattacks on M&S, Co-op, and Harrods. Learn about the social engineering, the ransomware disruption, and the estimated £300M impact on M&S.