Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack

Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.

DARKReading
Open in Source
#vulnerability#microsoft#linux#debian#red_hat#git#backdoor#auth#ssh
Data Security Fears: Congress Bans Staff Use of Microsoft’s AI Copilot

By Waqas Microsoft has acknowledged the concerns! This is a post from HackRead.com Read the original post: Data Security Fears: Congress Bans Staff Use of Microsoft’s AI Copilot

GHSA-pmww-v6c9-7p83: Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page

### Summary Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload; the default; an attacker can upload an SVG which when loaded under certain contexts allows for arbitrary access to the admin page. This access allows the following actions for example: - The ability for an attacker to gain access to all data stored within the admin page - The ability for an attacker to make any action within the admin page such as creating, modifying or deleting table records As the SVG is executed from the context of an authenticated admin session, any actions they may be able to make can be made by the attacker. *N.b. The relevant session cookies are inaccessible from JavaScript due to httponly being set so all exploits must be present within the SVG file* ### PoC _Complete instructions, including specific configuration details, to reproduce the vulnerability._ Currently, this requires the ability for a ...

WordPress Gutenberg 18.0.0 Cross Site Scripting

WordPress Gutenberg plugin version 18.0.0 suffers from a persistent cross site scripting vulnerability.

ARIS: Business Process Management 10.0.21.0 Cross Site Scripting

ARIS: Business Process Management version 10.0.21.0 suffers from a persistent cross site scripting vulnerability.

BioTime Directory Traversal / Remote Code Execution

BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5.

Gibbon 26.0.00 Server-Side Template Injection / Remote Code Execution

Gibbon version 26.0.00 suffers from a server-side template injection vulnerability that allows for remote code execution.

How a Houthi-Bombed Ghost Ship Likely Cut Off Internet for Millions

Millions lost internet service after three cables in the Red Sea were damaged. Houthi rebels deny targeting the cables, but their missile attack on a cargo ship, left adrift for months, is likely to blame.

Yogurt Heist Reveals a Rampant Form of Online Fraud

Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Amond Bundy.

Blockchain in Identity Management: Securing Personal Data and Identities

By Uzair Amir Learn how blockchain is transforming digital identity management by empowering individuals with self-sovereign control over personal data through… This is a post from HackRead.com Read the original post: Blockchain in Identity Management: Securing Personal Data and Identities