Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

GHSA-m98w-cqp3-qcqr: Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values

## Summary Critical security vulnerabilities exist in both the `UUIDv4()` and `UUID()` functions of the `github.com/gofiber/utils` package. When the system's cryptographic random number generator (`crypto/rand`) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID `"00000000-0000-0000-0000-000000000000"`. This compromises the security of all Fiber applications using these functions for security-critical operations. **Both functions are vulnerable to the same root cause (`crypto/rand` failure):** - `UUIDv4()`: Indirect vulnerability through `uuid.NewRandom()` → `crypto/rand.Read()` → fallback to `UUID()` - `UUID()`: Direct vulnerability through `crypto/rand.Read(uuidSeed[:])` → silent zero UUID return ## Vulnerability Details ### Affected Functions - **Package**: `github.com/gofiber/utils` - **Functions**: `UUIDv4()` and `UUID()` - **Return Type**: `string` (both functions) - **Locations**: `common.go:93-99` (UUIDv4), `common.go:60-8...

ghsa
Open in Source
#csrf#vulnerability#ios#google#linux#dos#git#perl#auth
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild. The findings come from Intel 471, CYFIRMA, and Zimperium, respectively. FvncBot, which masquerades as a security app developed by mBank, targets mobile banking users in Poland. What's notable about the malware

One-Person Production: Wondershare Filmora V15 Empowers Solo Creators With AI

AI is transforming the video-making process of creators. Learn how WondershareFilmora V15 helps individual creators edit smarter using powerful AI.

Leaks show Intellexa burning zero-days to keep Predator spyware running

A fresh investigation uncovers how Predator spyware still reaches victims through high-priced, newly bought zero-days.

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a "Predator attack attempt based on the technical behaviour of the infection

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”

Canadian police trialling facial recognition bodycams

Facial recognition software has long been criticized for accuracy issues and past wrongful arrests.

Canadian police trialing facial recognition bodycams

Facial recognition software has long been criticized for accuracy issues and past wrongful arrests.

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical

Fileless protection explained: Blocking the invisible threat others miss

Your antivirus scans files. But what about attacks that never create files? Here's how we catch the threats hiding on your family's computers.