#git

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

Scammers are texting residents, urging them to “verify payment details” to claim their refund.

### Summary Reflected-XSS in `report_this` function in `librenms/includes/functions.php` ### Details Recently, it was discovered that the `report_this` function had improper filtering (`htmlentities` function was incorrectly used in a href environment), which caused the `project_issues` parameter to trigger an XSS vulnerability. The Vulnerable Sink: https://github.com/librenms/librenms/blob/master/includes/functions.php#L444 ### PoC GET `project_issues=javascript:alert(document.cookie)` ### Impact XSS vulnerabilities allow attackers to execute malicious scripts in users' browsers, enabling unauthorized access to sensitive data, session hijacking, or malware distribution. ### Suggestion It is recommended to filter dangerous protocols, e.g. `javascript:`/`file:`.

### Impact For tracexec's command line reconstruction feature, when a traced process executes another process with a environment variable where the key starts with a dash, tracexec incorrectly shows its commandline where such environment variables could cause argument injection for the `env` command. Such an injection is completely at the UI level unless the user tries to copy the command line with the injection and paste it into a terminal to execute it. A minimal POC is executing `env -- -a=b bash --norc` in tracexec's TUI mode. The resulting command line of `env` executing bash would be `env -a bash -a=b _=/usr/bin/env /usr/bin/bash --norc` in tracexec's TUI, which injects `-a=b` into `env`'s arguments. This has very limited effect for security. A local adversarial could leverage this to make tracexec show an inaccurate reconstructed commandline for their executed command. If the user of tracexec decides to copy and run the reconstructed commandline, there could be injection fo...

## Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. ## Details The vulnerability exists in the `isSensitiveSpec` function which calls `grpcomni.CreateResource` without checking if the resource's metadata field is nil. When a resource is created with an empty `Metadata` field, the `CreateResource` function attempts to access `resource.Metadata.Version` causing a segmentation fault. ### Vulnerable Code The `isSensitiveSpec` function in `/src/internal/backend/server.go`: ```go func isSensitiveSpec(resource *resapi.Resource) bool { res, err := grpcomni.CreateResource(resource) // No nil check on resource.Metadata if err != nil { return false } // ... rest of function } ``` The `CreateResource` function expects `resource.Metadata` to be non-nil: ```go func CreateResource(resource *r...

### Impact A logic flaw exists in the message command handler of CommandKit that affects how the `commandName` property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the `ctx.commandName` value reflects the alias rather than the canonical command name. This occurs in both middleware functions and within the command’s own run function. Developers who rely on `ctx.commandName` for logic that assumes it represents the canonical command identifier may introduce unintended behavior. In security-sensitive cases, such as middleware used for permission checks, rate limiting, or audit logging, this behavior could allow unauthorized command execution or inaccurate access control decisions. Slash commands and context menu commands are not affected. ### Patches Fixed in v1.2.0-rc.12. `ctx.commandName` now consistently returns the actual command name, regardless of the alias used to invoke it...

ShinyHunters and its affiliate hackers have leaked data from 6 firms, including Qantas and Vietnam Airlines, after claiming to breach 39 companies via a Salesforce vulnerability.

### Summary When using **filter** authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. **Bypass policies whose condition can never pass at runtime** were compiled as `OR(AND(condition, compiled_policies), NOT(condition))`. If the condition could never be true at runtime, the `NOT(condition)` branch evaluated truthy and the overall expression became permissive. 2. **Runtime policy scenarios that reduce to “no checks are applicable”** (an empty SAT scenario) were treated as an empty clause and dropped instead of being treated as **`false`**, which could again produce an overly broad (permissive) filter. These bugs could allow reads to return records that should have been excluded by policy. ### Impact Projects that rely on **filter-based authorization** and define: * `bypass ... do ... end` blocks whose condition(s) are only resolvable at runtime and can never pass in a given request context, **or** * runtime checks tha...

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons.

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the complete Holiday Season Security Playbook here. Bottom Line Up Front The 2024 holiday season saw major