Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and

The Hacker News
Open in Source
#vulnerability#ios#linux#rce#perl#bios#wifi#The Hacker News
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature." It also

Stolen data from scraping service National Public Data leaked online

Cybercriminals have leaked records from National Public Data, a data scraping service that provides background checks.

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows.

Open WebUI 0.1.105 Persistent Cross Site Scripting

Open WebUI version 0.1.105 suffers from a persistent cross site scripting vulnerability.

GHSA-27wp-jvhw-v4xp: Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag

### Impact Shopware has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. It accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and allows execution of code. ### Patches Update to Shopware 6.6.5.1 or 6.5.8.13 ### Workarounds For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

GHSA-hhcq-ph6w-494g: Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api

### Impact The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. The processing of the Criteria did not considered ManyToMany associations and so they were not considered properly and the protections didn't get used. This issue cannot be reproduced with the default entities by Shopware, but can be triggered with extensions. ### Patches Update to Shopware 6.6.5.1 or 6.5.8.13 ### Workarounds For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

Windows Firewall Control 6.11.0 Unquoted Service Path

Windows Firewall Control version 6.11.0 suffers from an unquoted service path vulnerability.