#web

Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses. The effort, per the tech giant, is part of a broader law enforcement effort in collaboration with law enforcement authorities that has allowed it to confiscate the malicious

### Summary The `RedirectSlashes` function in middleware/strip.go does not perform correct input validation and can lead to an open redirect vulnerability. ### Details The `RedirectSlashes` function performs a `Trim` to all forward slash (`/`) characters, while prepending a single one at the begining of the path (Line 52). However, it does not trim backslashes (`\`). ```go File: middleware/strip.go 41: func RedirectSlashes(next http.Handler) http.Handler { ... 51: // Trim all leading and trailing slashes (e.g., "//evil.com", "/some/path//") 52: path = "/" + strings.Trim(path, "/") ... 62: } ``` Also, from version 5.2.2 onwards the `RedirectSlashes` function does not take into consideration the `Host` Header in the redirect response returned. This was done in order to combat another [[vulnerability](https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93)](https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93). The above make it possible for a ...

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS)

Researchers have discovered VoidLink, a sophisticated new Linux malware framework designed to infiltrate AWS, Google Cloud, and Azure. Learn how this Chinese-affiliated toolkit uses adaptive stealth to stay hidden.

A successful e-commerce platform requires more than just a good-looking design. Security, stability, speed, and scalability are key…

### Impact html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing malicious scripts to be run on the client browser and risking the confidentiality, integrity, and availability of the page's data. Example attack vector: ```js import html2pdf from 'html2pdf.js/src/index.js'; const maliciousHTML = '<img src=x onerror="alert(document.cookie)">'; html2pdf(maliciousHTML); // or html2pdf().from(maliciousHTML); ``` ### Patches This vulnerability has been fixed in html2pdf.js@0.14.0 to sanitize text sources using DOMPurify. There are no other breaking changes in this version. ### Workarounds Users of earlier versions of html2pdf.js must safely sanitize any text before using it as a source in html2pdf.js. ### References - Initial report: https://github.com/eKoopmans/html2pdf.js/issues/865 - Fix: https://github.com/eKoopmans/html2pdf.js/pull/877, [v0....

### Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new header) or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input directly into headers. The server part is not affected because BlackSheep delegates to an underlying ASGI server handling of response headers. **Attack vector:** Applications using user input in HTTP client requests (method, URL, headers). ### Patches Users who use the HTTP Client in BlackSheep should upgrade to `2.4.6`. ### Workarounds If users handle headers from untrusted parties, they might reject values for header names and values that contain carriage returns. ### References https://owasp.org/www-community/vulnerabilities/CRLF_Injection

### Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. ### Patches * https://github.com/WeblateOrg/weblate/pull/17516 ### References Thanks to Lukas May and Michael Leu for reporting this.

Fake LinkedIn comments warning of account restrictions are designed to trick users into revealing their login details.

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (