
Tag

#git

Harnessing AI for Proactive Threat Intelligence and Advanced Cyber Defense

Discover how AI revolutionizes cybersecurity with real-time threat detection, adaptive protection, and advanced data protection to combat evolving…

HackRead
GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

### Impact

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation.

Example attack scenario:

1. An attacker has stolen the private key for a key published in JWK Set.
2. The publishers of that JWK Set remove that key from the JWK Set.
3. Enough time has passed that the program using the auto-caching HTTP client found in `github.com/MicahParks/jwkset` v0.5.0-v0.5.21 has elapsed its `HTTPClientStorageOptions.RefreshInterval` duration, causing a refresh of the remote JWK Set.
4. The attacker is signing content (such as JWTs) with the stolen private key and the system has no other forms of revocation.

### Patches

The affected auto-caching HTTP client was added in version `v0.5.0` and fixed in `v0.6.0`. Upgrade ...

Google Chrome AI extensions deliver info-stealing malware in broad attack

At least 36 Google Chrome extensions for AI and VPN tools have begun delivering info-stealing malware in a widespread attack.

Cybersecurity Risks in Crypto: Phishing, Ransomware and Other Emerging Threats

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your…

Massive breach at location data seller: “Millions” of users affected

Data broker Gravy Analytics, which collects location data and sells it to the US government, has been breached.

New AI Challenges Will Test CISOs & Their Teams in 2025

CISOs need to recognize the new threats AI can present — while also embracing AI-powered solutions to stay ahead of those threats.

GroupGreeting e-card site attacked in “zqxq” campaign

This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes. Malwarebytes recently uncovered...

The School Shootings Were Fake. The Terror Was Real

The inside story of the teenager whose “swatting” calls sent armed police racing into hundreds of schools nationwide—and the private detective who tracked him down.

GHSA-7rgp-4j56-fm79: Mattermost has Improper Check for Unusual or Exceptional Conditions

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.