#git

# Summary The CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling cache pinning for very long periods. This can effectively cause a denial of service for DNS updates/changes to affected services. # Details In `plugin/etcd/etcd.go`, the `TTL()` function casts the 64-bit etcd lease ID to a uint32 and uses it as the TTL: ```go func (e *Etcd) TTL(kv *mvccpb.KeyValue, serv *msg.Service) uint32 { etcdTTL := uint32(kv.Lease) // BUG: Lease ID != TTL duration // ... rest of function uses etcdTTL as actual TTL } ``` Lease IDs are identifiers, not durations. Large lease IDs can produce very large TTLs after truncation, causing downstream resolvers and clients to cache answers for years. This enables cache pinning attacks, such as: 1. Attacker has etcd write access (compromised service account, misconfigured RBAC/TLS, exposed etcd, insider). 2. Attacker writes/updates a key and attaches any lease (the actual lease ...

Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.

A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read…

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.

Republic today announced a strategic partnership with Incentiv, an EVM-compatible Layer 1 blockchain designed to make Web3 simple,…

The DuckDB distribution for [Node.js](http://node.js/) on [npm](https://www.npmjs.com/) was compromised with malware (along with [several other packages](https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised)). An attacker published new versions of four of duckdb’s packages that included **malicious code to interfere with cryptocoin transactions**. The following packages and versions are affected: - `@duckdb/node-api@1.3.3` - `@duckdb/node-bindings@1.3.3` - `duckdb@1.3.3` - `@duckdb/duckdb-wasm@1.29.2` > Note: The current release version of DuckDB is 1.3.2, with 1.4.0 expected to be released on Sept 10th, 2025 (tomorrow as of this writing). We do not plan to ever release a “legit” DuckDB 1.3.3. Users should double-check that they are not accidentally updating to those affected versions. We have ourselves noticed this *within four hours* of it happening. Here’s our response: - As an immediate response, we have **deprecated** the specific versions. - We have reached...

Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a

Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. "

Geedge Networks, a company with ties to the founder of China’s mass censorship infrastructure, is selling its censorship and surveillance systems to at least four other countries in Asia and Africa.

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.