#git

Researchers found a host of vulnerabilities in the platforms run by RBI to service Burger King, Tim Horton's, and Popeyes.

### Impact OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an **authenticated** attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler and said event gets triggered. If no event handlers executing system commands with uploaded filenames as parameters have been configured, this vulnerability does not have an impact. ### Patches The vulnerability will be patched in version 1.11.3. ### Workaround Until the patch has been applied, OctoPrint administrators who have event handlers configured that include any kind of filename based placeholders (i.e. `{__filename}`, `{__filepath}`, `{filename}`, `{path}`, etc -- refer to [the events documentation](https://docs.octoprint.org/en/master/events/index.html#placeholders) for a full list) should disable those by setting their `enabled` property to `False` or unchecking the "Enab...

# Summary The CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling cache pinning for very long periods. This can effectively cause a denial of service for DNS updates/changes to affected services. # Details In `plugin/etcd/etcd.go`, the `TTL()` function casts the 64-bit etcd lease ID to a uint32 and uses it as the TTL: ```go func (e *Etcd) TTL(kv *mvccpb.KeyValue, serv *msg.Service) uint32 { etcdTTL := uint32(kv.Lease) // BUG: Lease ID != TTL duration // ... rest of function uses etcdTTL as actual TTL } ``` Lease IDs are identifiers, not durations. Large lease IDs can produce very large TTLs after truncation, causing downstream resolvers and clients to cache answers for years. This enables cache pinning attacks, such as: 1. Attacker has etcd write access (compromised service account, misconfigured RBAC/TLS, exposed etcd, insider). 2. Attacker writes/updates a key and attaches any lease (the actual lease ...

Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.

A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read…

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.

Republic today announced a strategic partnership with Incentiv, an EVM-compatible Layer 1 blockchain designed to make Web3 simple,…

The DuckDB distribution for [Node.js](http://node.js/) on [npm](https://www.npmjs.com/) was compromised with malware (along with [several other packages](https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised)). An attacker published new versions of four of duckdb’s packages that included **malicious code to interfere with cryptocoin transactions**. The following packages and versions are affected: - `@duckdb/node-api@1.3.3` - `@duckdb/node-bindings@1.3.3` - `duckdb@1.3.3` - `@duckdb/duckdb-wasm@1.29.2` > Note: The current release version of DuckDB is 1.3.2, with 1.4.0 expected to be released on Sept 10th, 2025 (tomorrow as of this writing). We do not plan to ever release a “legit” DuckDB 1.3.3. Users should double-check that they are not accidentally updating to those affected versions. We have ourselves noticed this *within four hours* of it happening. Here’s our response: - As an immediate response, we have **deprecated** the specific versions. - We have reached...

Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a

Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. "