Tag
#git
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally.
AI command injection in Visual Studio allows an authorized attacker to disclose information over a network.
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains. "TA585 is notable because it
With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.
Scammers are texting residents, urging them to “verify payment details” to claim their refund.
### Summary

Reflected XSS in the `report_this` function in `librenms/includes/functions.php`

### Details

Recently, it was discovered that the `report_this` function had improper filtering (the `htmlentities` function was incorrectly used in an href context), which caused the `project_issues` parameter to trigger an XSS vulnerability.

The vulnerable sink: https://github.com/librenms/librenms/blob/master/includes/functions.php#L444

### PoC

GET `project_issues=javascript:alert(document.cookie)`

### Impact

XSS vulnerabilities allow attackers to execute malicious scripts in users' browsers, enabling unauthorized access to sensitive data, session hijacking, or malware distribution.

### Suggestion

It is recommended to filter dangerous protocols, e.g. `javascript:`/`file:`.
### Impact

For tracexec's command line reconstruction feature, when a traced process executes another process with an environment variable whose key starts with a dash, tracexec incorrectly shows its command line, and such environment variables could cause argument injection for the `env` command.

Such an injection is completely at the UI level unless the user tries to copy the command line with the injection and paste it into a terminal to execute it.

A minimal PoC is executing `env -- -a=b bash --norc` in tracexec's TUI mode. The resulting command line of `env` executing bash would be `env -a bash -a=b _=/usr/bin/env /usr/bin/bash --norc` in tracexec's TUI, which injects `-a=b` into `env`'s arguments.

This has very limited security impact. A local adversary could leverage this to make tracexec show an inaccurate reconstructed command line for their executed command. If the user of tracexec decides to copy and run the reconstructed command line, there could be injection fo...
## Summary

A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints.

## Details

The vulnerability exists in the `isSensitiveSpec` function which calls `grpcomni.CreateResource` without checking if the resource's metadata field is nil. When a resource is created with an empty `Metadata` field, the `CreateResource` function attempts to access `resource.Metadata.Version` causing a segmentation fault.

### Vulnerable Code

The `isSensitiveSpec` function in `/src/internal/backend/server.go`:

```go
func isSensitiveSpec(resource *resapi.Resource) bool {
	res, err := grpcomni.CreateResource(resource) // No nil check on resource.Metadata
	if err != nil {
		return false
	}
	// ... rest of function
}
```

The `CreateResource` function expects `resource.Metadata` to be non-nil:

```go
func CreateResource(resource *r...
```