#git

### Summary A use-after-free (UAF) vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing list iterator to reference freed memory. ### Details The vulnerability exists in Envoy's Dynamic Forward Proxy implementation starting from version v1.34.0. The issue occurs when a completion callback for a DNS resolution triggers new DNS resolutions or removes existing pending resolutions. This condition may occur in the following configuration: 1. Dynamic Forwarding Filter is enabled. 2. `envoy.reloadable_features.dfp_cluster_resolves_hosts` runtime flag is enabled. 3. The Host header is modified between the Dynamic Forwarding Filter and Router filters. ### Impact Denial of service due to abnormal process termination. ### Attack vector(s) Request to Envoy configured as indicated above. ### Patches Users should upgrade to v1.35.1 or v1.34.5. ### Workaround Set the `envoy.reloadable_features.df...

North Korea’s Kimsuky hackers use AI-generated fake military IDs in a new phishing campaign, GSC warns, marking a…

Using `serde_yml::ser::Serializer.emitter` can cause a segmentation fault, which is unsound. The GitHub project for `serde_yml` was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. ## Recommended alternatives - [`serde_norway`](https://crates.io/crates/serde_norway) - Maintained fork of `serde_yaml`, using `unsafe-libyaml-norway` - [`serde_yaml_ng`](https://crates.io/crates/serde_yaml_ng) - Maintained fork of `serde_yaml`, using unmaintained `unsafe-libyaml` ## Incomplete pure Rust alternatives These implementation do not rely on C `libyaml`. - [`serde_yaml2`](https://crates.io/crates/serde_yaml2) - [`yaml-peg`](https://crates.io/crates/yaml-peg)

In version 0.0.4, `libyml::string::yaml_string_extend` was revised resulting in undefined behaviour, which is unsound. The GitHub project for `libyml` was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. ## Recommended alternatives - [`libyaml-safer`](https://crates.io/crates/libyaml-safer) - [`unsafe-libyaml-norway`](https://crates.io/crates/unsafe-libyaml-norway) - Maintained fork of `unsafe-libyaml`

### Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time - Installed MetaMask SDK in a project without a lockfile - Updated a lockfile to pull in `debug@4.4.2` (e.g., via `npm update` or `yarn upgrade`) ### What happened? On Sept 8th, 2025 (13:00–15:30 UTC), a malicious version of the `debug` package (v4.4.2) was published to npm. The injected code attempts to interfere with dApp-to-wallet communication when executed in a browser context. While MetaMask SDK itself was not directly impacted, projects installing the SDK during this window may have inadvertently pulled in the malicious version of `debug`. ### Mitigation - If your application was rebuilt and redeployed after Sept 8th, 2025, 15:30 UTC, the malicious version of debug should no longe...

Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective.  What is a browser-based attack? First, it’s important to establish what a browser-based attack is. In most scenarios, attackers don’t think of themselves as attacking your web browser.

In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the

A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming

A list of topics we covered in the week of September 8 to September 14 of 2025