Latest News

GHSA-887c-mr87-cxwp: PyTorch Improper Resource Shutdown or Release vulnerability

A vulnerability classified as problematic was found in PyTorch 2.6.0. It affects the function torch.nn.functional.ctc_loss in the file aten/src/ATen/native/LossCTC.cpp. Manipulation leads to denial of service. The attack requires local access. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. Applying the patch is recommended to fix this issue.

Multiple Groups Exploit NTLM Flaw in Microsoft Windows

The attacks have been going on since shortly after Microsoft patched the vulnerability in March.

Hi, robot: Half of all internet traffic now automated

Bots now account for half of all internet traffic, according to a new study that shows how non-human activity has grown online.

China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks

Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.

Ransomware gang 'CrazyHunter' Targets Critical Taiwanese Orgs

Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.

‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program

The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

NIST Updates Privacy Framework With AI and Governance Revisions

Changes aim to tighten integration with the National Institute of Standards and Technology's Cybersecurity Framework and help organizations develop a stronger posture to handle privacy risks.

GHSA-vvgc-356p-c3xw: golang.org/x/net vulnerable to Cross-site Scripting

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When using Tokenizer directly, this can result in such tags incorrectly being marked as self-closing. When using the Parse functions, it can result in content following such tags being placed in the wrong scope during DOM construction, but only when the tags are in foreign content (e.g. <math>, <svg>, etc. contexts).

GHSA-2689-cw26-6cpj: Whoogle allows attackers to execute arbitrary code via supplying a crafted search query

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.

GHSA-mj2p-v2c2-vh4v: Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.