#git

The company, one of four finalists in this year's Black Hat USA Startup Spotlight competition, uses multi-agent system to build AI Digital Employees.

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program. Of the 183 vulnerabilities, eight of them are non-Microsoft

### Summary Prototype pollution capabilities on various APIs. ### Details Injection of malicious payload allows attacker to remotely execute arbitrary code. `Parse.Object` and internal APIs are affected, specifically: - `ParseObject.fromJSON` - `ParseObject.pin` - `ParseObject.registerSubclass` - `ObjectStateMutations` (internal) - `encode`/`decode` (internal) ### PoC Demonstrative tests added as part of the fix. ### References - https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3 - Patch https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1

# Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. ## Discussion Discussion for this issue can be found at https://github.com/dotnet/announcements/issues/372 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any ASP.NET Core 10.0 application running on ASP.NET Core 10.0.0-rc.1.25451.107 or earl...

Name: ASA-2025-003: Invalid BitArray handling can lead to network halt Criticality: High (Considerable Impact; Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md)) Affected versions: `<= v0.38.18`, `<= v0.37.15`, and `main` development branches Affected users: Validators, Full nodes, Users ### Description A bug was discovered in CometBFT's handling of `BitArray`'s that have a mismatch between the `BitArray`'s expected number of `Elems` for the specified number of `Bits`. Additional validation was added to prevent processing `BitArray`'s in this invalid state, as well as guards to prevent panics on `BitArray` methods if one of these invalid states is processed. ### Impact `BitArray`'s are present in a number of messages received from peers. When handling these messages, insufficient validation was applied to prevent processing messages the aforementioned invalid state. In the worst case, nodes will gossip messages t...

### Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point (The blue bar in the picture below) <img width="955" height="568" alt="1_cens" src="https://github.com/user-attachments/assets/ed855216-c306-4b50-affc-cda100e72b74" /> An alternative, and more impactful scenario, is that the entity gets a malicious name from the provider of the Entity (in this case the energy provider: Tibber), and gets exploited that way, through the default name. ### Details The incriminating entity in my scenario is from the Tibber integration, as shown in the screenshot below: <img width="822" height="309" alt="2_cens" src="https://github.com/user-attachments/assets/d0d5a7aa-8d0c-4dcb-825b-e4cb8ea8885b" /> The exploit should be possible regardless of the Energy integration, as the user can name the entity themselves and as such pick a malicious na...

### Summary An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read `workflow-controller` logs and get credentials to the artifact repository. ### Details An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal, delete or modify the data that resides there. The `workflow-controller` logs show the credentials in plaintext. <img width="1366" alt="screen" src="https://github.com/user-attachments/assets/5642b2be-edcf-4050-bf47-747d05352698" /> ### Impact An attacker with access to pod logs in the `argo` namespace can extract plaintext credentials from the `workflow-controller` logs and gain access to the artifact repository. This can lead to: - Data exfiltration – theft of sensitive or proprietary artifacts - Data tampering – modification of workflows or artifacts - Data destruction – deletion of stored artifacts, leading to potential loss of critical data or pipeline failure

### **Vulnerability Description** #### Vulnerability Overview 1. During the artifact extraction process, the `unpack()` function extracts the compressed file to a temporary directory (`/etc.tmpdir`) and then attempts to move its contents to `/etc` using the `rename()` system call, 2. However, since `/etc` is an already existing system directory, the `rename()` system call fails, making normal archive extraction impossible. 3. At this point, if a malicious user sets the entry name inside the `tar.gz` file to a path traversal like `../../../../../etc/zipslip-poc`, 4. The `untar()` function combines paths using `filepath.Join(dest, filepath.Clean(header.Name))` without path validation, resulting in `target = "/work/input/../../../../../etc/zipslip-poc"`, 5. Ultimately, the `/etc/zipslip-poc` file is created, bypassing the normal archive extraction constraints and enabling direct file writing to system directories. #### untar(): Writing Files Outside the Extraction Directory https://gi...

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded