#git

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the

Alisa Viejo, CA, USA, 27th November 2025, CyberNewsWire

A ransomware attack against the CodeRED emergency alert platform has triggered warnings across the US.

Scammers are stepping up their game for the holidays, impersonating brands to trick people into handing over their accounts.

OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake

The vulnerability is a **Credential Leak by App Logic** that leads to the **unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token** to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (`http://` or `https://`) to determine if it is cross-origin. If the URL starts with protocol-relative URL (`//`), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the `X-XSRF-TOKEN` header. ### Impact The token leakage completely bypasses Angular's built-in CSRF protection, allowing an attacker to capture the user's valid XSRF token. Once the token is obtained, the attacker can perform arbitrary Cross-Site Request Forgery (CSRF) attacks against the victim user's session. ### Attack Preconditions 1. The victim's Angular application must have **XSRF protection enabled**. 2. The attacker must be able to make the application send a st...

Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights.

## Summary - Vulnerable component: `multi-session` plugin’s `/sign-out` after-hook (`packages/better-auth/src/plugins/multi-session/index.ts`) - Issue: Hook trusts raw multi-session cookies and forwards unsanitized tokens to `internalAdapter.deleteSessions`, allowing forged cookies to revoke arbitrary sessions. - Status: Reproduced locally with updated proof-of-concept. ## Impact Any authenticated attacker who can obtain the plain session token of another user (via log leaks, backups, etc.) can forge a multi-session cookie and trigger `/sign-out`. The hook extracts the attacker-supplied token and deletes the victim’s session, causing cross-account logout. No signing secret is required. ## Product / Version - Repository: `better-auth` - Branch: `canary` - Affected file: `packages/better-auth/src/plugins/multi-session/index.ts` (current head) - Dependency configuration: `pnpm install`, Bun runtime (`bun v1.3.0`) ## Steps to Reproduce 1. Clone the repository and install dependencies wi...

willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version `willitmerge@0.2.1`. Resources: * Project's GitHub source code: https://github.com/shama/willitmerge/ * Project's npm package: https://www.npmjs.com/package/willitmerge ## Background on exploitation Reporting a Command Injection vulnerability in `willitmerge` npm package. A security vulnerability manifests in this package due to the use of insecure child process execution API (`exec`) to which it concateanes user input, whether provided to the command-line flag, or is in user control in the target repository. ## Exploit ### POC 1 1. Install `willitmerge` 2. Run it with the following command ```sh willitmerge --verbose --remote "https://github.com/lirantal/npq.git; touch /tmp/hel" ``` 3. Confirm the file `/tmp/hel` is created on disk ### GitHub-sourced attack vector [Lines 189-197](https://github.com/shama/willitmerge/blob/2fe9...