Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Thai Police Systems Under Fire From 'Yokai' Backdoor

Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.

DARKReading
Open in Source
#mac#windows#apple#git#backdoor#pdf#acer#auth#sap
GHSA-px38-239g-x5mg: Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page

Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.

5 million payment card details stolen in painful reminder to monitor Christmas spending

An online repository of screenshots where victims filled out their payment card details online was publicly accessible.

Azure Data Factory Bugs Expose Cloud Infrastructure

Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.

GHSA-hxr6-2p24-hf98: Traefik affected by CVE-2024-53259

There is a potential vulnerability in Traefik managing HTTP/3 connections. More details in the [CVE-2024-53259](https://nvd.nist.gov/vuln/detail/CVE-2024-53259). ## Patches - https://github.com/traefik/traefik/releases/tag/v2.11.15 - https://github.com/traefik/traefik/releases/tag/v3.2.2 ## Workarounds No workaround ## For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

GHSA-7gfc-8cq8-jh5f: Next.js authorization bypass vulnerability

### Impact If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar` ### Patches This issue was patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. ### Workarounds There are no official workarounds for this vulnerability. #### Credits We'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.

To Defeat Cybercriminals, Understand How They Think

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target.

RPC Management Has Come A Long Way In Two Short Years.  Here’s Why.

Explore RPC Management: Learn how modern decentralized RPC providers solve scalability & connectivity issues in Web3, ensuring secure,…

Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys

SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…