Security
Headlines
HeadlinesLatestCVEs

Latest News

Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group

Censys uncovers the hidden infrastructure of Fox Kitten, an Iranian cyberespionage group. It reveals unique patterns, potential new…

HackRead
Open in Source
#git#backdoor
Walmart customers scammed via fake shopping lists, threatened with arrest

Scammers are creating fake Walmart virtual shopping lists that look like a contact page for customer service.

Walkie-Talkies Explode in New Attack on Hezbollah

In a second attack on Hezbollah members, two-way radios detonated around Lebanon on Wednesday, causing injuries and multiple deaths.

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at least May 2020,

GHSA-rrr8-f88r-h8q6: find-my-way has a ReDoS vulnerability in multiparametric routes

### Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. ### Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. ### Workarounds No known workarounds. ### References - [CVE-2024-45296](https://github.com/advisories/GHSA-9wv6-86v2-598j) - [Detailed blog post about `path-to-regexp` vulnerability](https://blakeembrey.com/posts/2024-09-web-redos/)

GHSA-7x4w-cj9r-h4v9: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

The [actions](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/controllers/camaleon_cms/admin/media_controller.rb#L51-L52) defined inside of the MediaController class do not check whether a given path is inside a certain path (e.g. inside the media folder). If an attacker performed an account takeover of an administrator account (See: GHSL-2024-184) they could delete arbitrary files or folders on the server hosting Camaleon CMS. The [crop_url](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/controllers/camaleon_cms/admin/media_controller.rb#L64-L65) action might make arbitrary file writes (similar impact to GHSL-2024-182) for any authenticated user possible, but it doesn't seem to work currently. Arbitrary file deletion can be exploited with following code path: The parameter folder flows from the actions method: ```ruby def actions authorize! :manage, :media if params[:media_action] != 'crop_ur...

GHSA-r9cr-qmfw-pmrc: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload a SVG image containing JavaScript and it's also possible to upload a HTML document when the format parameter is manually changed to [documents](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L105-L106) or a string of an [unsupported format](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L110-L111). If an authenticated user or administrator visits that uploaded image or document malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS.) Proof of concept Login as a normal user (if user signup is enabled). Go to the user's profile. And upload the following profile picture via drag and drop. The content of the SVG file could be as follows ...

GHSA-cp65-5m9r-vc2c: Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)

A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). In the [download_private_file](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/controllers/camaleon_cms/admin/media_controller.rb#L28) method: ```ruby def download_private_file cama_uploader.enable_private_mode! file = cama_uploader.fetch_file("private/#{params[:file]}") send_file file, disposition: 'inline' end ``` The file parameter is passed to the [fetch_file](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_local_uploader.rb#L27) method of the CamaleonCmsLocalUploader class (when files are uploaded locally): ```ruby def fetch_file(file_name) raise ActionController::RoutingError, 'File not found' unless file_exists?(file_name) file_name end ``...

Server Misconfiguration at Fuel Industry Software Provider Exposes SSNs, PII Data

A server misconfiguration exposed a trove of documents belonging to FleetPanda, a leading petroleum and fuel industry software…

GHSA-w392-75q8-vr67: Guardrails has an arbitrary code execution vulnerability

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing it to execute on the user's machine.