#ios

A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that

## Summary Identity spoofing in X.509 client certificate authentication in Openfire allows internal attackers to impersonate other users via crafted certificate subject attributes, due to regex-based extraction of CN from an unescaped, provider-dependent DN string. ## Analysis Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1 data, the code calls `X509Certificate.getSubjectDN().getName()` and applies a regex to look for `CN=`. This method produces a provider-dependent string that does not escape special characters. In SunJSSE (`sun.security.x509.X500Name`), for example, commas and equals signs inside attribute values are not escaped. As a result, a malicious certificate can embed `CN=` inside another attribute value (e.g. `OU="CN=admin,"`). The regex will incorrectly interpret this as a legitimate Common Name and extract admin. If SASL EXTERNAL...

### Summary --- A Server-Side Request Forgery (SSRF) vulnerability was discovered in the `/api/v1/fetch-links` endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The impact includes the potential exposure of sensitive internal administrative endpoints. ### Details --- #### Vulnerability Overview The `fetch-links` feature in Flowise is designed to extract links from external websites or XML sitemaps. It performs an HTTP request from the server to the user-supplied URL and parses the response (HTML or XML) to extract and return links. The issue arises because the feature performs these HTTP requests **without validating the user-supplied URL**. In particular, when the `relativeLinksMethod` parameter is set to `webCrawl` or `xmlScrape`, the server directly calls the `fetch()` function with the provided URL, making it vulnerable to SSRF attacks. ###...

### Summary Certain bulk action calls with a `before_transaction` hook and no `after_transaction` hook, will call the `before_transaction` hook before authorization is checked and a Forbidden error is returned, when called as a bulk action. The impact is that a malicious user could cause a `before_transaction` to run even though they are not authorized to perform the whole action. The `before_action` could run a sensitive/expensive operation. ### Impact A malicious user could cause a `before_action` to run even though they are not authorized to perform the whole action. You are affected if you have an create, update or destroy action that: - has a before_transaction hook on it, and no after_transaction hook on it. - is being used via an `Ash.bulk_*` callback (which AshJsonApi and AshGraphql do for update/destroy actions) Whether or not or how much it matters depends on the nature of those before_transaction callbacks. If those before_transaction callbacks are side-effectful, or ju...

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective.  What is a browser-based attack? First, it’s important to establish what a browser-based attack is. In most scenarios, attackers don’t think of themselves as attacking your web browser.

In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the

A list of topics we covered in the week of September 8 to September 14 of 2025

Samsung patched CVE-2025-21043, a critical flaw in its Android devices exploited in live attacks. Users urged to install September 2025 update.

Plus: ICE deploys secretive phone surveillance tech, officials warn of Chinese surveillance tools in US highway infrastructure, and more.

We often don’t find out the real details of a scam, and how one ‘like’ can turn into a nightmare that controls someone’s life for many years. This is that story.