Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-gp5f-cx7h-8q6f: Apache Airflow's create action can upsert existing Pools/Connections/Variables

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.

ghsa
Open in Source
#apache#git#intel
GHSA-273c-4g26-4jpm: Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

Russian Hackers Exploit Adaptix Pentesting Tool in Ransomware Attacks

Silent Push wars of Russian hackers exploiting Adaptix, a pentesting tool built for Windows, Linux, and macOS, in ransomware campaigns.

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first

Dynamic binary instrumentation (DBI) with DynamoRio

Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more.

GHSA-jqmq-fpwv-p925: Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.

GHSA-h72q-cq3w-h3wc: Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

GHSA-x957-32v9-m7vg: Drupal Acquia DAM allows Forceful Browsing

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5.

GHSA-m3f2-xjgc-2wp2: Drupal JSON Field is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5.