#auth

IT security is no longer the responsibility of a single, specialized team. To help protect your organization from growing cyber threats, IT security should be a priority for everyone. By integrating security processes and functions into every stage of the software development lifecycle, you not only better protect your products but you also build trust with your users. Here's how you can democratize security processes and make it a shared responsibility across your organization, while giving your developers what they need to create applications quickly.Software supply chain security tools and

Sean Cairncross will be one of the primary advisers to the administration on national cybersecurity matters.

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords,…

February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild: 🔻 EoP – Windows Ancillary Function Driver for WinSock (CVE-2025-21418)🔻 EoP – Windows Storage (CVE-2025-21391) There are no vulnerabilities with public exploits, but there are 7 with private ones: 🔸 RCE – Microsoft Edge (CVE-2025-21279, CVE-2025-21283)🔸 Auth. […]

### Impact Chains using affected versions of Packet Forward Middleware in their IBC Transfer stack are vulnerable to an attack in which there is a potential denial of service. This affects IBC transfers for any asset which is being transferred between another chain and its native chain. We recommend upgrading as soon as possible. __THIS IS A STATE BREAKING CHANGE__ ### Patches Versions [7.2.1](https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv7.2.1) and [8.1.1](https://github.com/cosmos/ibc-apps/releases/tag/middleware%2Fpacket-forward-middleware%2Fv8.1.1) are patched. ### Workarounds N/A ### References N/A

The open technology, which tackles disinformation, has gained steam in the past year, surpassing 500 corporate members and continuing to evolve.

US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.

### Summary Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack. ### PoC Coming soon. ### Impact This is a Regex Denial-of-Service attack and causes memory exhaustion. The regex should be improved and empty values should not be allowed.

Calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time.

## Summary `Rack::CommonLogger` can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. ## Details When a user provides the authorization credentials via `Rack::Auth::Basic`, if success, the username will be put in `env['REMOTE_USER']` and later be used by `Rack::CommonLogger` for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. ## Impact Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. ## Mitigation - Update to the latest version of Rack.