Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-f95p-4cv5-8w8x: linkme fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type `&&str` could end up in a slice of type `[&str]`, since `&&str` coerces to `&str` via a deref coercion. The flaw was corrected by implementing typechecking for distributed slice elements in such a way that coercion no longer occurs. The element's type must be a subtype of the slice's declared element type.

ghsa
Open in Source
#vulnerability#web#git
NHS Ransomware Attack: Russian INC Ransom Gang Steals Patient Data

INC Ransom, a Russian-leanguage ransomware group has claimed responsibility for the ransomware attack on two NHS, hospitals.

Crypto’s rising value likely to bring new wave of scams

The value of cryptocurrencies is going through the roof, so the scammers are even more interested in your funds

She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin

Western authorities say they’ve identified a network that found a new way to clean drug gangs’ dirty cash. WIRED gained exclusive access to the investigation.

Crypto and Cybersecurity: How to Keep Your Cryptocurrency Safe in 2025

Secure your cryptocurrency with key cybersecurity strategies. Safeguard your digital assets from hacks, scams, and vulnerabilities using hardware…

GHSA-2m9h-r57g-45pj: Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability

### Summary A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`. ### Details This vulnerability stems from a GitHub Actions workflow artifact named `..` when downloaded using `gh run download`. The artifact name and `--dir` flag are used to determine the artifact’s download path. When the artifact is named `..`, the resulting files within the artifact are extracted exactly 1 directory higher than the specified `--dir` flag value. In `2.63.1`, `gh run download` will not download artifacts named `..` and `.` and instead exit with the following error message: ``` error downloading ..: would result in path traversal ``` ### Impact Successful exploitation heightens the risk of local path traversal attack vectors exactly 1 directory higher than intended. ### Remediation and Mitigation 1. Upgrade `gh` to `2.63.1` 2. Implem...

Navigating the Changing Landscape of Cybersecurity Regulations

The evolving regulatory environment presents both challenges and opportunities for businesses.

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability. It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the target system. The attack can be performed from an AppContainer restricted environment. Using […]

Authorities Take Down Criminal Encrypted Messaging Platform MATRIX

Another day, another cybercrime operation shut down - this time, Europol has dismantled the MATRIX encrypted messaging service.