Security
Headlines
HeadlinesLatestCVEs

Latest News

Ivanti's Cloud Service Appliance Attacked via Second Vuln

The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).

DARKReading
Open in Source
#vulnerability#rce#auth#zero_day
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover

Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.

Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust

German authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This…

LinkedIn Addresses User Data Collection for AI Training

The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.

“Simply staggering” surveillance conducted by social media and streaming services, FTC finds

The FTC published a report about the ways social media and video streaming services collect and use our data

Ubuntu Security Notice USN-7027-1

Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Debian Security Advisory 5773-1

Debian Linux Security Advisory 5773-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

GHSA-rxq8-q85f-m866: Prevent XSS from Confidant API call

### Impact _What kind of vulnerability is it? Who is impacted?_ Potential XSS from API calls below: GET <app>/v1/credentials GET <app>/v1/credentials/<id> GET <app>/v1/archive/credentials/<id> GET <app>/v1/archive/credentials POST <app>/v1/credentials PUT <app>/v1/credentials/<id> PUT <app>/v1/credentials/<id>/<to_revision> GET <app>/v1/services GET <app>/v1/services/<id> GET <app>/v1/archive/services/<id> GET <app>/v1/archive/services PUT <app>/v1/services/<id> PUT <app>/v1/services/<id>/<to_revision> Stored XSS that can only be used as a stored HTML injection. The attacker needs to be authenticated and have privileges to create new credentials, but could use this to show information and run scripts to other users into the same Confidant instance. ### Patches _Has the problem been patched? What versions should users upgrade to?_ yes, version 6.6.2 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ NO ### References _Are there any l...

OpenSSH 9.9p1

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.