Tag
#mac
## Impact

_What kind of vulnerability is it? Who is impacted?_

An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain.

## Disclosure

Evmos versions below `v11.0.1` do not check for `MsgEthereumTx` messages that are nested under other messages. This allows a malicious actor to perform EVM transactions that do not meet the checks performed under `newEthAnteHandler`. This opens the possibility for the DOS of validators and consequently halt the chain through an infinite EVM execution.

### Additional details

The attack scenario is as follows:

1. The attacker deploys a simple smart contract with an infinite loop to the chain.
2. The attacker calls the smart contract using an embedded transaction with an extremely high gas value (`uint64` max or similar).
3. Once the transaction is included in a block, nodes will try to execute the EVM transaction with almost infinite gas and get stuck.

**This stops...
Having a solid disaster recovery plan is the glue that keeps your essential functions together when all hell breaks loose.
The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.
Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.
Quantum computing on the level that poses a threat to current cybersecurity measures is still years off. Here's what enterprises can do now to avoid future disruptions.
Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
The scam is spreading across the US and impersonates the specific toll-collection services of each state in malicious SMS messages.
An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.