Security
Headlines
HeadlinesLatestCVEs

Tag

#samba

GHSA-qc2h-74x3-4v3w: MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion

### Summary Nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. ### Details The MaterialX [specification](https://github.com/AcademySoftwareFoundation/MaterialX/blob/main/documents/Specification/MaterialX.Specification.md#mtlx-file-format-definition) supports importing other files by using `XInclude` tags. When parsing file imports, recursion is used to process nested files in the form of a tree with the root node being the first MaterialX files parsed. However, there is no limit imposed to the depth of files that can be parsed by the library, therefore, by building a sufficiently deep chain of MaterialX files one referencing the next, it is possible to crash the process using the MaterialX library via stack exhaustion. ### PoC This test is going to employ Windows UNC paths, in order to make the Proof Of Concept more realistic. In fact, by using windows network shares, an attacker would be able t...

ghsa
Open in Source
#vulnerability#mac#windows#linux#dos#git#samba
Top IT Staff Augmentation Companies in USA 2025

Staff augmentation is a strategy for smart tech teams looking to launch something big. Trying to plug skill gaps or scale without the overhead? Collaborate with a trusted IT staff augmentation company.

Unmasking the new Chaos RaaS group attacks

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.

Dark Web Hackers Moonlight as Travel Agents

Hackers are using stolen goods such as credit cards and loyalty points to book travel for sometimes unsuspecting clients, and remote workers, SMBs, travel brands, and others are at risk.

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it’s a very short one. 🙂 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) Only three trending vulnerabilities: 🔻 Remote Code Execution – Internet Shortcut Files (CVE-2025-33053)🔻 Elevation of Privilege – Windows SMB Client […]

Talos IR ransomware engagements and the significance of timeliness in incident response

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability. A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim’s host to connect to the attacker’s SMB server and authenticate, resulting in gaining SYSTEM privileges. 🔹 Details on how to exploit the vulnerability were published on […]

AirMDR Tackles Security Burdens for SMBs With AI

The security startup provides managed detection and response services for small to midsize businesses to detect and address modern threats, such as ransomware, phishing attacks, and malicious insiders.

CVE-2025-48802: Windows SMB Server Spoofing Vulnerability

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.