Tag
#auth
Following China's Volt Typhoon attacks on critical infrastructure in the region, the US reportedly will share cybersecurity threat information with both countries.
### Background
Use of a relation of the form `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to return only the subjects found for *either* `folder` or `folder#parent`, rather than both. This bug *only* manifests if the *same* subject type is used multiple times in a relation, relationships exist for both subject types, *and* an arrow is used over the relation.

### Impact
Any user making a negative authorization decision based on the results of a LookupSubjects request with a version before v1.30.1 is affected.

### Workarounds
Avoid using LookupSubjects for negative authorization decisions and/or avoid using the broken schema.
Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.
Prioritizing security and user experience will help you build a robust and reliable authentication system for your business.
An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law.
Agency encourages broader use of encryption, data-loss prevention, and data rights management to safeguard data, networks, and users.
Don't wait for an online harassment campaign to unfairly target you or a loved one. Take these proactive steps today to stay safe.
It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation.
A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code.