Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Red Hat Security Advisory 2024-6001-03

Red Hat Security Advisory 2024-6001-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

Packet Storm
Open in Source
#sql#vulnerability#linux#red_hat#js#auth#postgres
Online Bus Ticketing 1.0 Insecure Direct Object Reference

Online Bus Ticketing version 1.0 suffers from an insecure direct object reference vulnerability.

GHSA-mg8j-w93w-xjgc: Drupal Full Path Disclosure

`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.

Telegram CEO Pavel Durov charged with allowing criminal activity

Telegram CEO Pavel Durov has been arrested in France which raises a lot of questions about the reasons behind the arrest.

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we’re going to look at what AitM phishing

Harmful 'Nudify' Websites Used Google, Apple, and Discord Sign-On Systems

Single sign-on systems from several Big Tech companies are being incorporated into deepfake generators, WIRED found. Discord and Apple have started to terminate some developers’ accounts.

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized crime,

GHSA-9jqr-5x45-pgw8: Powermail TYPO3 extension Broken Access Control in the OutputController

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0.