#auth

An SQL injection vulnerability in the `EventCache::find_event_with_relations` method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly pass relation types provided by those room members into this method, when used with the default sqlite-based store backend. Exploitation is unlikely, as no known clients currently use the API in this manner. ### Workarounds Passing only trusted (or sanitised) relation types to the `filter` argument of `EventCache::find_event_with_relations()` avoids the issue. ### Patches The issue is fixed in matrix-sdk 0.13. ### References The issue was introduced in https://github.com/matrix-org/matrix-rust-sdk/pull/4849.

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Four suspects arrested by the NCA in April/May 2025 cyberattacks on M&S, Co-op, and Harrods. Learn about the social engineering, ransomware disruption, and estimated £300M impact on M&S.

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products.

Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government.

### Summary Several `#dpl` parameters can leak usernames that have been hidden using revision deletion, suppression, or the `hideuser` block flag. ### Details The parameters `adduser`, `addauthor`, and `addlasteditor` output the page creator or last editor using the `%USER%` placeholder. These display the actual username, even when that name has been hidden using revision deletion, suppression (oversight), or `hideuser`. The `%CONTRIBUTOR%` placeholder, used with `addcontribution`, behaves similarly and also reveals hidden usernames. In addition, the following parameters can expose suppressed usernames when combined with `%USER%` or similar output placeholders: - `lastrevisionbefore` - `allrevisionsbefore` - `firstrevisionsince` - `allrevisionssince` These parameters reference specific revisions and allow output of user-related metadata. If a username has been hidden from those revisions, it may still appear in the output. Further, the parameters `createdby`, `notcreatedby`, `modi...

The job applicants' personal information could be accessed by simply guessing a username and using the password “12345.”

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low attack complexity Standard: End-of-Train and Head-of-Train remote linking protocol Equipment: End-of-Train and Head-of-Train devices Vulnerability: Weak Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train which may lead to a disruption of operations, or induce brake failure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of End-of-Train and Head-of-Train remote linking protocol is affected: End-of-Train and Head-of-Train remote linking protocol: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK AUTHENTICATION CWE-1390 The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: KUNBUS Equipment: RevPi Webstatus Vulnerability: Incorrect Implementation of Authentication Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to bypass authentication and gain unauthorized access to the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS KUNBUS reports the following products are affected: Revolution Pi Webstatus: Version 2.4.5 and prior Revolution Pi OS Bullseye: 04/2024 Revolution Pi OS Bullseye: 09/2023 Revolution Pi OS Bullseye: 07/2023 Revolution Pi OS Bullseye: 06/2023 Revolution Pi OS Bullseye: 02/2024 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT IMPLEMENTATION OF AUTHENTICATION ALGORITHM CWE-303 The Revolution Pi Webstatus application is vulnerable to an authentication bypass. The password check is vulnerable to an implicit type conversion. This results in incorrect authentication if the JSON value TRUE is prov...