#ddos

By Waqas Cloudflare explained that it wasn’t the largest application-layer attack but the largest ever noted in the HTTPS category.… This is a post from HackRead.com Read the original post: Cloudflare Successfully Thwarted One of The Largest DDoS Attacks

By Waqas In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island… This is a post from HackRead.com Read the original post: Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

CERT-In updates cybersecurity rules to include mandatory reporting, record-keeping, and more.

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful.

Plus: Trump backers breach election systems, Microsoft tracks Russia's war prep, a new Facebook leak reveals a mess, and Bored Ape Yacht Club gets hacked.