Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-q3v6-hm2v-pw99: Spring Framework has Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.

ghsa
Open in Source
#vulnerability#web#perl#auth
Incident Response Playbooks: Are You Prepared?

The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.

Microsoft Boosts Device Security With Windows Resiliency Initiative

Microsoft is readying a new release of Windows in 2025 that will have significant security controls, such as more resilient drivers and a "self-defending" operating system kernel.

INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million

A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and

Why Simulating Phishing Attacks Is the Best Way to Train Employees

Despite advancements in cybersecurity tools, human vulnerability remains the weakest link, with phishing among the most dangerous forms…

FBI-Wanted Hacker Behind Global Ransomware Attacks Arrested in Russia

Mikhail Pavlovich Matveev (aka Wazawaka) has been wanted by the FBI since 2023.

Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested

A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present,

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in script. The need for authentication and admin access could limit this vulnerability’s impact, but here we […]

GHSA-2gx6-qrpp-c4p3: Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

GHSA-cg28-v4wq-whv5: Symfony's VarDumper vulnerable to unsafe deserialization

A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.