Tag

#git

Roblox called “real-life nightmare for children” as Roblox and Discord sued

Last week it was reported that a lawsuit has been initiated against gaming giant Roblox and leading messaging platform Discord. The court...

Malwarebytes
Have I Been Pwned Adds ALIEN TXTBASE Data 280M Emails & Passwords

The Have I Been Pwned (HIBP) website has significantly expanded its database with hundreds of millions of newly compromised credentials extracted by hackers through infostealer logs.

Signal Threatens to Exit Sweden Over Government’s Backdoor Proposal

Sweden’s proposal to mandate encryption backdoors faces backlash from Signal, cybersecurity experts, and even its military over privacy and security risks.

US Background Check Firm Data Breach Exposes 3.3M Records

A data breach at DISA Global Solutions, a firm providing background checks, and drugs and alcohol testing services,…

GHSA-5mvm-89c9-9gm5: Matrix IRC Bridge allows IRC command injection to own puppeted user

### Impact

The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user.

### Patches

The vulnerability has been patched in matrix-appservice-irc version 3.0.4.

### For more information

If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).

Crypto and Cybersecurity: The Rising Threats and Why Reliable Wallets Matter

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to…

GHSA-3qxh-p7jc-5xh6: Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments.

For instance, `?text=<svg/onload=alert(1)>` would trigger XSS here.

```js
const [text] = createResource(() => {
  return new URL(getRequestEvent().request.url).searchParams.get("text");
});

return (
  <>
    Text: {text()}
  </>
);
```

GHSA-mcgx-2gcr-p3hp: LTI JupyterHub Authenticator does not properly validate JWT Signature

### Impact

Only users who have configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are affected.

The `LTI13Authenticator` that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the `LTI13Authenticator` to authorize a forged request granting access to existing and new user identities.

### Patches

None.

### Workarounds

None.

### References

- [This code segment](https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164) didn't validate a JWT signature.

Hackers Exploit Fake GitHub Repositories to Spread GitVenom Malware

Kaspersky’s Securelist exposes the GitVenom campaign involving fake GitHub repositories to distribute malware. Targeting developers with seemingly legitimate…

Background check provider data breach affects 3 million people who may not have heard of the company

Background check provider DISA has disclosed a major data breach which may have affected over 3 million people.