#php

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data.

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 Symfony SDK with versions between 2.0.2 and 5.4.1, 2. Auth0 Symfony SDK uses the Auth0-PHP SDK with versions between 3.3.0 and 8.16.0. ### Fix Upgrade Auth0/symfony to version 5.5.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 Wordpress plugin with version between 5.0.0-BETA0 and 5.3.0, 2. Auth0 Wordpress plugin uses the Auth0-PHP SDK with versions between 3.3.0 and 8.16.0. ### Fix Upgrade Auth0 Wordpress plugin to version 5.4.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 laravel-auth0 SDK with version between 4.0.0 and 7.18.0, 2. Auth0 laravel-auth0 SDK uses the Auth0-PHP SDK with versions between 3.3.0 and 8.16.0. ### Fix Upgrade Auth0 laravel-auth0 SDK to version 7.19.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

### Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. ### Am I affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0-PHP SDK, versions between v3.3.0 and v8.16.0, or 2. Applications using the following SDKs that rely on the Auth0-PHP SDK versions between v3.3.0 and v8.16.0: a. Auth0/symfony, b. Auth0/laravel-auth0, c. Auth0/wordpress. ### Fix Upgrade Auth0/Auth0-PHP to version 8.17.0 or greater. ### Acknowledgement Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

### Summary The `/mpl/<port>/<route>` endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. ### Details This route is used internally to provide access to interactive matplotlib visualizations. [marimo/marimo/_server/main.py at main · marimo-team/marimo](https://github.com/marimo-team/marimo/blob/main/marimo/_server/main.py) This endpoint functions as an unauthenticated proxy, allowing an attacker to connect to any service running on the local machine via the specified `<port>` and `<route>`. The existence of this proxy is visible in the application's code (marimo/_server/main.py), but there's no official documentation or warning about its behavior or potential risks. ### Impact CWE-441: Proxying Without Authentication This vulnerability, as it can be used to bypass firewalls and access internal services that are intended to be local-only. The level of impact depends ent...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Megasys Enterprises Equipment: Telenium Online Web Application Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MegaSys Enerprises products are affected: Telenium Online Web Application: Versions 8.4.21 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. This vulnerability occurs due to the insecure termin...

Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security

eSentire TRU analyses the new DarkCloud V4.2 infostealer, rewritten in VB6. Find out how the malware steals browser data, crypto, and contacts via targeted phishing.