Security

Tag

#web

AI-Powered DEI Web Accessibility Hackathon 2025: Technical Innovations and Real-World Impact

Following the success of the Neuro Nostalgia Hackathon that closed out in 2024, Hackathon Raptors has completed its…

HackRead
#web #mac #git #perl
1 in 10 people do nothing to stay secure and private on vacation

Spring Break vacationers could open themselves up to online scams and cyberthreats this year, according to new research from Malwarebytes.

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy. "The features available in CSS allow attackers and spammers to track users' actions and

LockBit Developer Rostislav Panev Extradited from Israel to the US

The US extradites LockBit ransomware developer, Rostislav Panev, from Israel. Learn how his arrest impacts the fight against…

Cybersecurity in Crypto: Best Practices to Prevent Theft and Fraud

Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets…

ClickFix: How to Infect Your PC in Three Easy Steps

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

GHSA-6m2c-76ff-6vrf: Qiskit allows arbitrary code execution decoding QPY format versions < 13

### Impact

A maliciously crafted QPY file containing can potentially execute arbitrary code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A Python process calling Qiskit's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.

### Patches

Fixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2

GHSA-vhv4-fh94-jm5x: JS Html Sanitizer allows XSS when used with contentEditable

### Impact

XSS vulnerability when the sanitizer is used with a `contentEditable` element to set the element's `innerHTML` to a sanitized string produced by the package. This happens if the code is specifically crafted to abuse the code beautifier, which runs AFTER sanitization.

### Patches

Patched in version 2.0.3

GHSA-xc76-5pf9-mx8m: In Azle, calling `setTimer` causes infinite loop of timers

### Impact

Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`.

### Patches

The problem has been fixed as of Azle version `0.30.0`.

### Workarounds

If a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.