Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

In Appreciation: Amit Yoran, Tenable CEO, Passes Away

Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.

DARKReading
Open in Source
#vulnerability#microsoft#cisco#git
New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages

SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.

GHSA-2p95-8xvm-2pjx: REDAXO CMS Cross-site Scripting vulnerability

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.

GHSA-m78c-qx99-mvw9: Grav Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

GHSA-v6jv-p6r8-j78w: NiceGUI On Air authentication issue

### Summary Once a user logins to one browser, all other browsers are logged in without entering password. Even incognito mode. ### Impact high

GHSA-r9px-m959-cxf4: go-git clients vulnerable to DoS via maliciously crafted Git server replies

### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.13`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.13` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.

GHSA-v725-9546-7q7m: go-git has an Argument Injection via the URL field

### Impact An argument injection vulnerability was discovered in `go-git` versions prior to `v5.13`. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to [git-upload-pack flags](https://git-scm.com/docs/git-upload-pack). This only happens when the `file` transport protocol is being used, as that is the only protocol that shells out to `git` binaries. ### Affected versions Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.13` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend users to enforce restrict validation rules for values passed in the URL field. ## Credit Thanks to @vin01 for responsibly disclosing this vulnerability to us.

IoT's Regulatory Reckoning Is Overdue

New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.

Will AI Code Generators Overcome Their Insecurities This Year?

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]

Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks