#perl

Plus: China sentences scam bosses to death, Europe is ramping up its plans to build a “drone wall” to protect against Russian airspace violations, and more.

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.

Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google's Gemini AI. Learn why AI assistants are the new weak link.

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 Symfony SDK with versions between 2.0.2 and 5.4.1, 2. Auth0 Symfony SDK uses the Auth0-PHP SDK with versions between 3.3.0 and 8.16.0. ### Fix Upgrade Auth0/symfony to version 5.5.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 Wordpress plugin with version between 5.0.0-BETA0 and 5.3.0, 2. Auth0 Wordpress plugin uses the Auth0-PHP SDK with versions between 3.3.0 and 8.16.0. ### Fix Upgrade Auth0 Wordpress plugin to version 5.4.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 laravel-auth0 SDK with version between 4.0.0 and 7.18.0, 2. Auth0 laravel-auth0 SDK uses the Auth0-PHP SDK with versions between 3.3.0 and 8.16.0. ### Fix Upgrade Auth0 laravel-auth0 SDK to version 7.19.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0-PHP SDK, versions between v3.3.0 and v8.16.0, or 2. Applications using the following SDKs that rely on the Auth0-PHP SDK versions between v3.3.0 and v8.16.0: a. Auth0/symfony, b. Auth0/laravel-auth0, c. Auth0/wordpress. ### Fix Upgrade Auth0/Auth0-PHP to version 8.17.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Megasys Enterprises Equipment: Telenium Online Web Application Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MegaSys Enerprises products are affected: Telenium Online Web Application: Versions 8.4.21 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. This vulnerability occurs due to the insecure termin...