
Tag

#oracle

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to

The Hacker News
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,

The Mysterious Shortwave Radio Station Stoking US-Russia Nuclear Fears

A popular shortwave Russian radio station dubbed “UVB-76” has been an enigma for decades. But its recent messages have turned it into a tool for Kremlin saber-rattling.

Europol Denies $50K Reward for Qilin Ransomware, Calls It a Scam

Europol has confirmed that a widely reported $50,000 reward for information on the Qilin ransomware group is a…

ReVault! When your SoC turns against you… deep dive edition

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World

At the Defcon security conference in Las Vegas on Friday, Nakasone tried to thread the needle in a politically fraught moment while hinting at major changes for the tech community around the corner.

Navigating Cybersecurity Risks in Crypto-Backed Lending

As crypto-backed lending gathers momentum among institutions and everyday users, cybersecurity shadows every new transaction. Billions in digital…

GHSA-g693-v3jr-8hcr: Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack

### Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references.

### Original Description

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.

GHSA-p9qm-p942-q3w5: XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API

### Impact

It's possible to execute any SQL query in Oracle by using a function like [DBMS_XMLGEN or DBMS_XMLQUERY](https://docs.oracle.com/en/database/oracle/oracle-database/19/arpls/DBMS_XMLGEN.html). The XWiki#searchDocuments APIs do not sanitize the query at all, and even though they force a specific select, Hibernate allows using any native function in an HQL query (for example in the WHERE clause).

### Patches

This has been patched in 16.10.6 and 17.3.0-rc-1.

### Workarounds

There is no known workaround, other than upgrading XWiki.

### References

https://jira.xwiki.org/browse/XWIKI-22728

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.