Security

Tag

#git

AI scammers target Gmail accounts, say they have your death certificate

Typical AI-supported scams are after your Google account by pretending to follow up on account recovery requests

Malwarebytes
#windows #google #git #intel
LLMs Are a New Type of Insider Adversary

The inherent intelligence of large language models gives them unprecedented capabilities like no other enterprise tool before.

Election season raises fears for nearly a third of people who worry their vote could be leaked

The US presidential election is stirring fears amongst a third of people who worry that their vote could be exposed to outsiders.

Small Business Owners Must Prioritize Cybersecurity to Stay Operational

As a small business owner, you may think you are too insignificant to ever be on a cybercriminal’s…

This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look

Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.

Even Orgs With SSO Are Vulnerable to Identity-Based Attacks

Use SSO, don't use SSO. Have MFA, don't have MFA. An analysis of a snapshot of organizations using Push Security's platform finds that 99% of accounts are susceptible to phishing attacks.

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader, and

Southeast Asian Cybercrime Profits Fuel Shadow Economy

With cybercriminal gangs raking in at least $18 billion regionally — and much more globally — law enforcement and policymakers are struggling to keep up as the syndicates innovate and entrench themselves in national economies.

Intel Broker Claims Cisco Breach, Selling Stolen Data from Major Firms

Intel Broker claims a major data breach at Cisco, allegedly stealing source codes, confidential documents, and credentials from…

GHSA-qh8g-58pp-2wxh: Eclipse Jetty URI parsing of invalid authority

## Summary

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, `HttpURI`, for URI/URL parsing. The `HttpURI` class does insufficient validation on the authority segment of a URI. However, the behaviour of `HttpURI` differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, `HttpURI` and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.

## Details

### Affected components

The vulnerable component is the `HttpURI` class when used as a utility class in an application. The Jetty usage of the class is not vulnerable.

### Attack overview

The `HttpURI` class does not properly validate the authority section of a URI. When presented with an illega...