Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Chat App Used by Trump Admin Suspends Operation Amid Hack

TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…

HackRead
Open in Source
#vulnerability#web#ios#android#mac#amazon#aws#auth#sap
GHSA-892p-pqrr-hxqr: Information Disclosure via Flags override link

## Summary An information disclosure vulnerability affecting Flags SDK has been addressed. It impacted `flags` ≤3.2.0 and `@vercel/flags` ≤3.1.1 and in certain circumstances, allowed a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (`.well-known/vercel/flags`). ## Impact This vulnerability allowed for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the: - Flag names - Flag descriptions - Available options and their labels (e.g. `true`, `false`) - Default flag values Not impacted: - Flags providers were not accessible No write access nor additional customer data was exposed, this is limited to just the values noted above. Vercel has automatically mitigated this incident on behalf of our customers for the default flags discovery endpoint at `.well-known/vercel/flags`. Flags Explorer will be disabled and show a warning...

On world password day, Microsoft says fewer passwords, more passkeys

Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the log in process

Understanding the challenges of securing an NGO

Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.

GHSA-vc6m-hm49-g9qg: phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

### Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens (e.g., <|audio_*|>, <|image_*|>) with repeated tokens based on precomputed lengths. Due to ​​inefficient list concatenation operations​​, the algorithm exhibits ​​quadratic time complexity (O(n²))​​, allowing malicious actors to trigger resource exhaustion via specially crafted inputs. ### Details ​​Affected Component​​: input_processor_for_phi4mm function. https://github.com/vllm-project/vllm/blob/8cac35ba435906fb7eb07e44fe1a8c26e8744f4e/vllm/model_executor/models/phi4mm.py#L1182-L1197 The code modifies the input_ids list in-place using input_ids = input_ids[:i] + tokens + input_ids[i+1:]. Each concatenation operation copies the entire list, leading to O(n) operations per replacement. For k placeholders expanding to m tokens, total time becomes O(kmn), approximating O(n²) in worst-case scenarios. ### PoC ...

Darcula Phishing Kit Uses AI to Evade Detection, Experts Warn

Darcula phishing platform adds AI to create multilingual scam pages easily. Netcraft warns of rising risks from Darcula-Suite…

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show

Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.

AI is getting “creepy good” at geo-guessing

After hearing about ChatGPT o3 ability at geo-guessing we decided to run some tests and the tested AIs didn't fail to amaze us

Protecting Your Phone—and Your Privacy—at the US Border

In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States—and how to stay safe.