Security
Headlines
HeadlinesLatestCVEs

Latest News

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.

HackRead
Open in Source
#mac#git#auth
ABB Cylon FLXeon 9.3.4 (cert.js) Authenticated Root Remote Code Execution

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where user-supplied data is executed via ChildProcess.exec() without adequate sanitization.

GHSA-qwp8-x4ff-5h87: ZX Allows Environment Variable Injection for dotenv API

### Impact This vulnerability is an **Environment Variable Injection** issue in `dotenv.stringify`, affecting `google/zx` version **8.3.1**. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to **arbitrary command execution** or **unexpected behavior** in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. ### Patches This issue has been **patched** in version **8.3.2**. Users should **immediately upgrade** to this version to mitigate the vulnerability. ### Workarounds If upgrading is not feasible, users can mitigate the vulnerability by **sanitizing user-controlled environment variable values** before passing them to `dotenv.stringify`. Specifically, avoid using `"`, `'`, and backticks in values, or enforce strict validation of environment variables before u...

'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks

Anthropic says its Constitutional Classifiers approach offers a practical way to make it harder for bad actors to try and coerce an AI model off its guardrails.

Name That Edge Toon: In the Cloud

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Your Health Information Was Compromised. Now What? 

The healthcare industry has become increasingly reliant on technology to enhance patient care, from advanced image-guided surgery to…

Microsoft Sets End Date for Defender VPN

Though Windows, iOS, and macOS users won't need to make any changes, Android users are advised to remove their Defender VPN profiles.