#git

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the

Responding to an incident quickly is important, but it shouldn't come at the expense of reporting it to the appropriate regulatory bodies.

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms," Trend Micro researchers Ahmed

The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS.  SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.

In today's networked digital world, application programming interface (API) security is a crucial component in safeguarding private information and strengthening the integrity of online transactions. The potential for attack has increased dramatically as a result of the growing use of applications that depend on APIs to communicate across systems and services.It's also important to protect against malevolent actors who try to take advantage of API vulnerabilities for illegal access, data breaches and service interruptions. Strong API security measures are needed to establish trust, reduce risk

AWS hosted a server linked to the Bezos family- and Nvidia-backed search startup that appears to have been used to scrape the sites of major outlets, prompting an inquiry into potential rules violations.

Data-rich and resource-poor, schools and libraries around the country make attractive targets for cybercriminals looking for an easy score, but a new federal program is looking to aid their defenses by providing much-needed financial support.

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.