Latest News

LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.

### Impact IdentityServer's local API authentication handler performs insufficient validation of the `cnf` claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even without possessing the private key for signing proof tokens. Note that this only impacts custom endpoints within an IdentityServer implementation that have explicitly used the `LocalApiAuthenticationHandler` for authentication. It does not impact: - OAuth or OIDC protocol endpoints defined by IdentityServer, such as the authorize and token endpoints. - Typical UI pages within an IdentityServer implementation, which are not normally authorized with the local API authentication handler. - The use of DPoP to create sender-constrained tokens in IdentityServer that are consumed by external API resources. - The use of DPoP to sender-constrain refresh tokens issued to public clients. ## Are you affected? This vulnerability only affects IdentityServer implementations that a...

Cary, NC, 28th October 2024, CyberNewsWire

### Summary An issue on Coder's login page allows attackers to craft a Coder URL that when clicked by a logged in user could redirect them to a website the attacker controls, e.g. https://google.com. ### Details On the login page, Coder checks for the presence of a `redirect` query parameter. On successful login, the user would be redirected to the location of the parameter. Improper sanitization allows attackers to specify a URL outside of the Coder application to redirect users to. ### Impact Coder users could potentially be redirected to a untrusted website if tricked into clicking a URL crafted by the attacker. Coder authentication tokens are **not** leaked to the resulting website. To check if your deployment is vulnerable, visit the following URL for your Coder deployment: - `https://<coder url>/login?redirect=https%3A%2F%2Fcoder.com%2Fdocs` ### Patched Versions This vulnerability is remedied in - v2.16.1 - v2.15.3 - v2.14.4 All versions prior to 2.3.1 are not affected. ###...

### Impact The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. ### Patches The issue is addressed in MPXJ version 13.5.1 ### Workarounds Do not pass zip files to MPXJ. ### References N/A

### Summary Due to a race condition in a global variable, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This was resolved by https://github.com/argoproj/argo-workflows/pull/13641 ### Details These two lines introduce a data race in the underlying SPDY implementation of the Kubernetes API client. If a second request is made before the first completes, it results in a panic due to a null pointer. * https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L49 * https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75 This appears to have been added in this commit https://github.com/argoproj/argo-workflows/commit/9756babd0ed589d1cd24592f05725f748f74130b / #13265 / v3.6.0-rc1 ### PoC With the `KUBECONFIG` variable set to an appropriate file with `create` permissions for the `W...

Four members of the notorious REvil ransomware group have been sentenced to prison terms in Russia. This development…

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through

Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 incorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.

There is a whole ecosystem behind the sales and distribution of counterfeit goods. Best to tay away from them.