Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-hmp7-x699-cvhq: Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR

### Summary: A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. ### Details: The `EventSource` and `Sensor` CRs allow the corresponding orchestrated pod to be customized with `spec.template` and `spec.template.container` (with type `k8s.io/api/core/v1.Container`), thus, any specification under `container` such as `command`, `args`, `securityContext `, `volumeMount` can be specified, and applied to the EventSource or Sensor pod due to the code logic below. ```golang if args.EventSource.Spec.Template != nil && args.EventSource.Spec.Template.Container != nil { if err := mergo.Merge(&eventSourceContainer, args.EventSource.Spec.Template.Container, mergo.WithOverride); err != nil { return nil, err } } ``` With these, A user would be able to gain privileged access to the cluster host, if he/she specified the Even...

ghsa
Open in Source
#vulnerability#web#ubuntu#git#kubernetes
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution

A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.

Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage

Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here's how experts say you can get eyes on it all.

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The

GHSA-6rqh-8465-2xcw: Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials.

GHSA-wwhj-pw6h-f8hw: Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.

GHSA-rq77-p4h8-4crw: gorilla/csrf CSRF vulnerability due to broken Referer validation

### Summary gorilla/csrf is vulnerable to CSRF via form submission from origins that share a top level domain with the target origin. ### Details gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the `r.URL.Scheme` value. However, this value is never populated for "server" requests [per the Go spec](https://pkg.go.dev/net/http#Request), and so this check does not run in practice. ``` // URL specifies either the URI being requested (for server // requests) or the URL to access (for client requests). // // For server requests, the URL is parsed from the URI // supplied on the Request-Line as stored in RequestURI. For // most requests, fields other than Path and RawQuery will be // empty. (See [RFC 7230, Section 5.3](https://rfc-editor.org/rfc/rfc7230.html#section-5.3)) // // For client r...

GHSA-vw58-ph65-6rxp: Directus inserts access token from query string into logs

### Summary Access token from query string is not redacted and is potentially exposed in system logs which may be persisted. ### Details The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. ### PoC 1. Set `LOG_LEVEL="raw"` in the environment. 2. Send a request with the `access_token` in the query string. 3. Notice that the `access_token` in `req.query` is not redacted. ### Impact It impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string.

A New 'It RAT': Stealthy 'Resolver' Malware Burrows In

A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it's downright difficult to count them all.

No, it’s not OK to delete that new inetpub folder

A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204