#git

A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity "reveals a notable evolution in SideWinder's TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in

## Summary A single root cause in the CLAHE implementation — tile width/height becoming zero — produces two distinct but related unsafe behaviors. Vulnerabilities exists in the `CLAHEImage()` function of ImageMagick’s `MagickCore/enhance.c`. 1. Unsigned integer underflow → out-of-bounds pointer arithmetic (OOB): when `tile_info.height == 0`, the expression `tile_info.height - 1` (unsigned) wraps to a very large value; using that value in pointer arithmetic yields a huge offset and OOB memory access (leading to memory corruption, SIGSEGV, or resource exhaustion). 2. **Division/modulus by zero**: where code performs `... / tile_info.width` or `... % tile_info.height` without re-checking for zero, causing immediate division-by-zero crashes under sanitizers or `abort` at runtime. Both behaviors are triggered by the same invalid tile condition (e.g., CLI exact `-clahe 0x0!` or automatic tile derivation `dim >> 3 == 0` for very small images). --- ## Details ### **Unsigned underflow(ca...

Serverless architectures have fundamentally altered the cybersecurity landscape, creating attack vectors that traditional security models cannot address. After…

Keycloak is vulnerable to a Denial of Service (DoS) attack due to the default JDK setting that permits Client-Initiated Renegotiation in TLS 1.2. An unauthenticated remote attacker can repeatedly initiate TLS renegotiation requests to exhaust server CPU resources, making the service unavailable. Immediate mitigation is available by setting the `-Djdk.tls.rejectClientInitiatedRenegotiation=true` Java system property in the Keycloak startup configuration.

### Impact The implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. This bug was introduced in the release of Wasmtime 38.0.0 and affects it subsequent patch releases of 38.0.1 and 38.0.2. No other versions of Wasmtime are affected. In Wasmtime 38 the implementation of host-to-wasm trampolines was refactored to remove the old usage of `setjmp` and `longjmp` to unwind the stack. In this transition, however, trampolines for component-model intrinsics were accidentally not updated meaning that they didn't update runtime data structures as the other host-to-wasm trampolines did. If an error ocurred during execution of wasm it would then try to read this runtime data which isn't present, and processing it could then result in a crash. For example one piece of runtime data is where to jump to in the case o...

### Summary bbot's `gitlab.py` sends the user's "gitlab" API key to on-premise GitLab instances. If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. ### Impact A user with a "gitlab" API key configured who uses bbot to scan a malicious webserver may leak their gitlab.com API key to an untrustworthy server.

### Impact Any plugin using the GuiStorageElement is impacted when used on a server which allows the (currently experimental) Bundle items. ### Patches Patched with https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 ("backported" to 1.6.3-SNAPSHOT) Update to 1.6.4-SNAPSHOT to guarantee that it's included! ### Workarounds Don't enable the experiment "Bundle" items or don't use the GuiStorageElement in GUIs. ### References Original issue: https://github.com/Phoenix616/InventoryGui/issues/51

### Impact Any plugin using the `GuiStorageElement` is impacted. ### Patches Patched with https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029 ("backported" to 1.6.1-SNAPSHOT) Update to 1.6.2-SNAPSHOT to guarantee that it's included! ### Workarounds Don't use the `GuiStorageElement` in GUIs. ### References Original issue: https://github.com/Phoenix616/InventoryGui/issues/48

About Elevation of Privilege – Windows Agere Modem Driver (CVE-2025-24990) vulnerability. The vulnerability is from Microsoft’s October Patch Tuesday. Agere Modem Driver (ltmdm64.sys) is a software component that allows a computer to communicate with an Agere (or LSI) modem for dial‑up or fax connections. 📠🙄 Despite its questionable practical usefulness, the driver continued to be […]

Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.