#vulnerability

### Summary The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. ### Details When parsing `STORAGE_DEEP_SCANLINE` chunks from an EXR file, the following code (from `src/lib/OpenEXRCore/chunk.c`) is used to extract the chunk information: ```cpp if (part->storage_mode == EXR_STORAGE_DEEP_SCANLINE) // SNIP... cinfo->sample_count_data_offset = dataoff; cinfo->sample_count_table_size = (uint64_t) ddata[0]; cinfo->data_offset = dataoff + (uint64_t) ddata[0]; cinfo->packed_size = (uint64_t) ddata[1]; cinfo->unpacked_size = (uint64_t) ddata[2]; // SNIP... ``` By storing this information, the code that will later decompress and reconstruct the chunk bytes, will know how much space the uncompressed data will occupy. This size is carried along in the chain of decoding/decompression...

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.

This week Bill connects the hype of literary awards to cybersecurity conference season. We highlight key insights from the Q2 2025 IR Trends report, including phishing trends, new ransomware strains, and top targeted sectors. Finally, check out all the places Talos will be at Black Hat.

Beware of Epsilon Red ransomware as attackers impersonate Discord, Twitch and OnlyFans using fake verification pages with .HTA files and ActiveX to spread malware.

The FSB cyberespionage group known as Turla seems to have used its control of Russia's network infrastructure to meddle with web traffic and trick diplomats into infecting their computers.

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned.

This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from ModelScope. This occurs when using machine torch version < 2.6.0, while ms-swift accepts torch version >= 2.0 **I. Detailed Description:** 1. Install ms-swift ``` pip install ms-swift -U ``` 2. Start web-ui ``` swift web-ui --lang en ``` 3. After startup, you can access [http://localhost:7860/](http://localhost:7860/) through your browser to see the launched fine-tuning framework program 4. Upload an adapter model repository (cyjhhh/lora_adapter_4_llama3) on ModelScope, where the lora/adapter_model.bin file is generated through the following code: ```python import torch, pickle, os class MaliciousPayload: def __reduce__(self): return (os.system, ("touch /tmp/malicious.txt",)) # A...

**I. Detailed Description:** 1. Install ms-swift ``` pip install ms-swift -U ``` 2. Start web-ui ``` swift web-ui --lang en ``` 3. After startup, access through browser at [http://localhost:7860/](http://localhost:7860/) to see the launched fine-tuning framework program 4. Fill in necessary parameters In the LLM Training interface, fill in required parameters including Model id, Dataset Code. The --output_dir can be filled arbitrarily as it will be modified later through packet capture 5. Click Begin to start training. Capture packets and modify the parameter corresponding to --output_dir You can see the concatenated command being executed in the terminal where web-ui was started 6. Wait for the program to run (testing shows it requires at least 5 minutes), and you can observe the effect of command execution creating files **II. Vulnerability Proof:** ``` /tmp/xxx'; touch /tmp/inject_success_1; # ``` **III. Fix Solution:** 1. The swift.ui.llm_train.llm...

Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection.