Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

8 Malicious NPM Packages Stole Chrome User Data on Windows

JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…

HackRead
Open in Source
#mac#windows#google#nodejs#git#auth#chrome
GHSA-v2ch-c8v8-fgr7: Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. ### Reproduction Setup versity server running on port 7071, no SSL (for ease of packet tracing with tshark). Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070. This does have to be SSL enabled for the repro to occur. nginx config: ``` upstream tony_versity { server 127.0.0.1:7071; keepalive 15; } server { listen 7070 ssl ; access_log /var/log/nginx/tony_versity_proxy.access.log; error_log /var/log/nginx/tony_versity_proxy.error.log; # Allow any size file to be uploaded. client_max_body_size 0; # Allow special characters in headers ignore_invalid_headers off; # Disable buffering proxy_buffering off; proxy_request_buffering off; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; ssl_certificate "/WS/TEMP/lh.crt"; ss...

Red Hat Trusted Artifact Signer can now be hosted on RHEL

Organizations looking to better understand the lineage of their software artifacts have begun to adopt signing as a way to improve their security posture. By applying digital signatures to software artifacts, trust can be established to verify that assets have not been substituted or tampered with through the software development and delivery process.Red Hat Trusted Artifact Signer, a key component of Red Hat’s Trusted Software Supply Chain portfolio, provides a suite of tools that supports signing and verifying assets from first commit to deployment. Since Trusted Artifact Signer was first

CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation

CISA has added three actively exploited vulnerabilities in Citrix and Git to its KEV Catalogue. Federal agencies must…

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We've since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called "Gambler Panel" that bills itself as a "soulless project that is made for profit."

Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack

A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…

Google Big Sleep AI Tool Finds Critical Chrome Vulnerability

Make sure your Chrome browser is updated to the latest version to stay protected.

The Role of Enterprise Email Security in Modern Cybersecurity Strategies

Email has always been a double-edged sword in the world of business. On one hand, it’s the fastest,…

First AI-Powered Ransomware PromptLock Targets Windows, Linux and macOS

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux…

Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in