Tag

#redis

July Linux Patch Wednesday

July Linux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild (CISA KEV): 🔻 SFB – Chromium (CVE-2025-6554). There are also 36 (❗️) vulnerabilities for which public exploits are available or suspected to […]

Alexander V. Leonov
#xss #vulnerability #linux #redis #git #php #chrome #blog

GameForge AI Hackathon 2025: Building the Bridge Between Natural Language and Game Creation

A 72-hour sprint that produced working solutions for one of game development's hardest problems: making it accessible to non-programmers.

Ethereum’s Pivotal Role in Decentralized Finance Evolution

Once upon a time, say, 2016, Ethereum was a curious new arrival in the crypto space. It promised…

GHSA-g3p6-82vc-43jh: Yii 2 Redis may expose AUTH parameters in logs in case of connection failure

### Impact

When a connection fails, the extension writes the command sequence to the logs. AUTH parameters are written in plain text, exposing the username and password. That might be an issue if an attacker has access to the logs.

The US Is Storing Migrant Children’s DNA in a Criminal Database

Customs and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future.

Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. "RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,"

Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…

AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents

The first-of-its-kind solution integrates with company codebases, enabling AI agents to work in-context and generate production-grade, front-end code in minutes.

Fake Snow White Movie Torrent Infects Devices with Malware

Disney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has…

GHSA-92cp-5422-2mw7: go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

### Impact

The issue only occurs when the `CLIENT SETINFO` command times out during connection establishment. The following circumstances can cause such a timeout:

1. The client is configured to transmit its identity. This can be disabled via the `DisableIndentity` flag.
2. There are network connectivity issues.
3. The client was configured with aggressive timeouts.

The impact differs by use case:

* **Sticky connections**: Rather than using a connection from the pool on-demand, the caller can stick with a connection. Then you receive persistent out-of-order responses for the lifetime of the connection.
* **Pipelines**: All commands in the pipeline receive incorrect responses.
* **Default connection pool usage without pipelining**: When used with the default [ConnPool](https://github.com/redis/go-redis/blob/8fadbef84a3f4e7573f8b38e5023fd469470a8a4/internal/pool/pool.go#L77) once a connection is returned after use with [ConnPool#Put](https://github.com/redis/go-redis/blob/8fadbef84a3f4...