Security
Headlines
HeadlinesLatestCVEs

Tag

#git

How To Create a Complete GitHub Backup

The issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…

HackRead
Open in Source
#sql#vulnerability#web#ios#mac#google#microsoft#git#auth#ssh#bitbucket
GHSA-p3vf-v8qc-cwcr: DOMPurify vulnerable to tampering by prototype polution

dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

Qualitor 8.24 Server-Side Request Forgery

Qualitor versions 8.24 and below suffer from an unauthenticated server-side request forgery vulnerability.

The Case Against Abandoning CrowdStrike Post-Outage

Knee-jerk reactions to major vendor outages could do more harm than good.

Threat actors use copyright infringement phishing lure to deploy infostealers

Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan.  The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the victim into downloading and executing malware.

China Says Seabed Sentinels Are Spying, After Trump Taps

On the heels of a Chinese APT eavesdropping on phone calls made by Trump and Harris campaign staffers, Beijing says foreign nations have mounted an extensive seafaring espionage effort.

GHSA-2qw8-ppr5-m96c: Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.

About Remote Code Execution – XWiki Platform (CVE-2024-31982) vulnerability

About Remote Code Execution – XWiki Platform (CVE-2024-31982) vulnerability. XWiki is a free open-source wiki platform. Its main feature is simplified extensibility. XWiki is often used in corporate environments as a replacement for commercial Wiki solutions (such as Atlassian Confluence). A vulnerability with CVSS Base Score 10, published on April 10, allows attackers to execute […]

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data

The Untold Story of Trump's Failed Attempt to Overthrow Venezuela's President

A successful CIA hack of Venezuela's military payroll system, insider fights for spy agency resources, and messy opposition politics: A WIRED investigation reveals a secret Trump-era attempt to oust autocratic ruler Nicolás Maduro.