Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Your item has sold! Avoiding scams targeting online sellers

There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms.

TALOS
Open in Source
#web#cisco#git#intel#perl#auth
This Russian Tech Bro Helped Steal $93 Million and Landed in US Prison. Then Putin Called

In the epic US-Russian prisoner swap last summer, Vladimir Putin brought home an assassin, spies, and another prized ally: the man behind one of the biggest insider trading cases of all time.

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

The stolen information included listed contacts, call logs, text messages, photos, and the device’s location.

GHSA-c6gw-w398-hv78: DoS in go-jose Parsing

### Impact When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. ### Patches Version 4.0.5 fixes this issue ### Workarounds Applications could pre-validate payloads passed to go-jose do not contain an excessive number of '.' characters. ### References This is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.

GHSA-wr88-x8cm-7cgq: Moodle has a stored XSS risk in admin live log

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

GHSA-4w32-c9g7-27qx: Moodle allows reflected XSS via question bank filter

The question bank filter required additional sanitizing to prevent a reflected XSS risk.

GHSA-vp58-j275-797x: Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

### Summary A bypass was found for the security feature **trustedOrigins**. This works for wild card or absolute URLs trustedOrigins configs and opens the victims website to a **Open Redirect** vulnerability, where it can be used to steal the **reset password token** of a victims account by changing the "callbackURL" parameter value to a website owned by the attacker. ### Details #### Absolute URLs The issue here appears in the **middleware**, [specifically](https://github.com/better-auth/better-auth/blob/ddebd0358d74376ea64541512d0167dd4377f182/packages/better-auth/src/api/middlewares/origin-check.ts#L53). This protection is not sufficiente and it allows attackers to get a open redirect, by using the payload `/\/example.com`. We can check this is a valid URL ( or it will be a valid URL because the URL parser fix it for us ), by checking the image bellow: ![image](https://github.com/user-attachments/assets/d192f06d-358d-4612-97d9-cab89ba55b06) ```typescript // trustedOrigins = [ ...

Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack

A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.

GHSA-2cj2-qqxj-5m3r: Phusion Passenger denial of service

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.