#web

### Impact OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. ### Patches In OpenBao v2.2.2 and later, manually setting the configuration option `disable_unauthed_rekey_endpoints=true` allows an operator to deny these rarely-used endpoints on global listeners. In a future OpenBao release [communicated on our website](https://openbao.org/docs/deprecation/), we will set this to `true` for all users and provide an authenticated alternative. This vulnerability has been disclosed to HashiCorp; see their website for more information. ### Workarounds If an active proxy or load balancer sits in front of OpenBao, an operator can deny requests to these endpoints from unauthorized IP ranges. ### References See the [deprecation notice](https://openbao.org/docs/deprecation/unauthed-rekey/).

ZURICH, Switzerland – Zurich-based automation platform Flowable has been recognized as a Representative Vendor in the Gartner newly released…

Cybercriminals are using jailbroken AI models to assist them in designing campaigns and improving their tactics.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Low attack complexity Vendor: TrendMakers Equipment: Sight Bulb Pro Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Improper Neutralization of Special Elements used in a Command ('Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to capture sensitive information and execute arbitrary shell commands on the target device as root if connected to the local network segment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of the Sight Bulb Pro Firmware are affected: Sight Bulb Pro Firmware ZJ_CG32-2201: Version 8.57.83 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327 During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt co...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Air conditioning systems Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the following air conditioning systems are affected: G-50: Ver.3.37 and prior G-50-W: Ver.3.37 and prior G-50A: Ver.3.37 and prior GB-50: Ver.3.37 and prior GB-50A: Ver.3.37 and prior GB-24A: Ver.9.12 and prior G-150AD: Ver.3.21 and prior AG-150A-A: Ver.3.21 and prior AG-150A-J: Ver.3.21 and prior GB-50AD: Ver.3.21 and prior GB-50ADA-A: Ver.3.21 and prior GB-50ADA-J: Ver.3.21 and prior EB-50GU-A: Ver.7.11 and prior EB-50GU-J: Ver.7.11 and prior AE-200J: Ver.8.01 and prior AE-200A: Ver.8.01 and prior AE-200E: Ver.8.01 and prior AE-50J: Ver.8.01 and prior AE-50A: Ver.8.01 an...

### Summary A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitrary files from the file system and potentially trigger server-side request forgery (SSRF). ### Details In `\allure2-main\plugins\xunit-xml-plugin\src\main\java\io\qameta\allure\xunitxml\XunitXmlPlugin.java` the application uses `DocumentBuilderFactory` without disabling DTDs or external entities. By generating a report with a malicious xml file within it, an attacker can perform XXE to leverage SSRF, or to read system files. ### PoC To recreate this vulnerability, you need to install allure for command-line (In my POC I used a Windows 11 Machine). 1. Create a folder called `allure`, and within it, create a malicious XML file. I will attach my SSRF and file reading payloads, however...

Cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs and jailbreaking legitimate LLMs.

"Hello pervert" sextortion emails are going through some changes and the price they're demanding has gone up considerably.

Wordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection.

What happens in the privacy of your own home stays there. Or does it?