#git

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

Android/BankBot-YNRK is currently targeting users in Indonesia by masquerading as legitimate applications.

`shaman::cryptoutil::write_u64v_le` and other functions mentioned above cannot garantee memory safety of get_unchecked later if both length are zero. `shaman` is unmaintained.

### Impact Missing authentication in the `/api/v1/usage-report/summary` endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. ### Patches Upgrade to >v1.70.1 ### Workarounds Any **ONE** of these is sufficient to block this reporting: - Disable usage reporting by setting configuration option `usage_report.enabled` or environment variable `LAKEFS_USAGE_REPORT_ENABLED` to `false`. - Using load-balancer or application level firewall - blocking the request route /api/v1/usage-report/summary.

## Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution (RCE) by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization, attackers can inject shell syntax that is executed when the Motion process restarts. This issue enables full takeover of the MotionEye container and potentially the host environment (depending on container privileges). ## Details ### Root Cause: MotionEye accepts arbitrary strings from fields such as **image_file_name** and **movie_filename** in the Web UI. These are written directly into **/etc/motioneye/camera-*.conf**. When MotionEye restarts the Motion service (motionctl.start), the Motion binary reads this configuration. Because Motion treats these fields as shell-expandable, injected characters (e.g. $(), backticks) are interpreted as shell commands. ### Vulnerability flow: Dashboa...

### Impact Due to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to. Access to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project's configuration. ### Patches The vulnerability will be fixed in MantisBT version 2.27.2. ### Workarounds None ### Credits Thanks to [d3vpoo1](https://github.com/jrckmcsb) for reporting the issue.

When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. ### Impact This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. ### Patches Fixed in 2.27.2. ### Workarounds None ### Credits Thanks to @ncrcs for discovering and reporting the issue.

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.