Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Signal Threatens to Exit Sweden Over Government’s Backdoor Proposal

Sweden’s proposal to mandate encryption backdoors faces backlash from Signal, cybersecurity experts, and even its military over privacy and security risks.

HackRead
Open in Source
#vulnerability#apple#git#backdoor#auth#sap
US Background Check Firm Data Breach Exposes 3.3M Records

A data breach at DISA Global Solutions, a firm providing background checks, and drugs and alcohol testing services,…

GHSA-5mvm-89c9-9gm5: Matrix IRC Bridge allows IRC command injection to own puppeted user

### Impact The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. ### Patches The vulnerability has been patched in matrix-appservice-irc version 3.0.4. ### For more information If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).

Crypto and Cybersecurity: The Rising Threats and Why Reliable Wallets Matter

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to…

GHSA-3qxh-p7jc-5xh6: Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, `?text=<svg/onload=alert(1)>` would trigger XSS here. ```js const [text] = createResource(() => { return new URL(getRequestEvent().request.url).searchParams.get("text"); }); return ( <> Text: {text()} </> ); ```

GHSA-mcgx-2gcr-p3hp: LTI JupyterHub Authenticator does not properly validate JWT Signature

### Impact Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are influenced. LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request granting access to existing and new user identities. ### Patches None. ### Workarounds None. ### References - [This code segment](https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164) didn't validate a JWT signature.

Hackers Exploit Fake GitHub Repositories to Spread GitVenom Malware

Kaspersky’s Securelist exposes the GitVenom campaign involving fake GitHub repositories to distribute malware. Targeting developers with seemingly legitimate…

Background check provider data breach affects 3 million people who may not have heard of the company

Background check provider DISA has disclosed a major data breach which may have affected over 3 million people.

Silver Fox APT Hides ValleyRAT in Trojanized Medical Imaging Software

Chinese Silver Fox APT exploits trojanized medical imaging software to spread ValleyRAT malware, posing a serious threat to…

‘OpenAI’ Job Scam Targeted International Workers Through Telegram

An alleged job scam, led by “Aiden” from “OpenAI,” recruited workers in Bangladesh for months before disappearing overnight, according to FTC complaints obtained by WIRED.