
Tag

#ios

GHSA-hmvq-8p83-cq52: DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload

### Summary

Sanitization of the content of uploaded SVG files did not cover all possible XSS scenarios.

### Details

DNN validates the contents of SVGs to ensure they are valid and do not contain any malicious code. These checks were introduced as part of `CVE-2025-48378`. However, the checks to ensure there are no script elements within the SVG files are not comprehensive and may allow some malicious SVG files to be uploaded. As this vulnerability allows for the execution of arbitrary JavaScript code within the context of the user's browser, it can lead to a range of attacks, including data exfiltration, session hijacking, and defacement of the web application, to name a few.

ghsa
#xss #vulnerability #web #ios #java

Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm

Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has pleaded guilty to two counts of stealing trade secrets and selling them to an unnamed Russian software broker.

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been

OpenAI’s Atlas browser leaves the door wide open to prompt injection

By blending search and chat in one field, OpenAI’s Atlas has made browsing more convenient—and more dangerous.

This Is the Nuclear-Powered Ship Deployed in Trump’s War on Drug Boats

The USS Gerald R. Ford is a $13 billion aircraft carrier sailing to the Caribbean with nuclear propulsion, an electromagnetic plane launcher, and 90 aircraft onboard.

How to set up two factor authentication (2FA) on your Instagram account

Step-by-step instructions on how to enable 2FA on your Instagram account—for Android, iOS, and on the web.

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX

⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here’s how that false sense of security

AI for the Financial Sector: How Strategy Consulting Helps You Navigate Risk

The financial industry is transforming as artificial intelligence (AI) is becoming an integral tool for managing operations, improving…