Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

AppleAVD AV1_Syntax::f Out-Of-Bounds Reads

AppleAVD has an issue in AV1_Syntax::f leading to out-of-bounds reads.

Packet Storm
#apple#sap
AppleAVD AV1_Syntax::Parse_Header Integer Underflow / Out-Of-Bounds Reads

AppleAVD has an integer underflow in AV1_Syntax::Parse_Header that can lead to out-of-bounds reads.

Malicious Ads in Search Results Are Driving New Generations of Scams

The scourge of “malvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

Salt Typhoon Builds Out Malware Arsenal With GhostSpider

The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.

GHSA-2xcc-vm3f-m8rw: @lobehub/chat Server Side Request Forgery vulnerability

### Summary lobe-chat before 1.19.13 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. ### Details * visit https://chat-preview.lobehub.com/ * click settings -> llm -> openai * fill the OpenAI API Key you like * fill the proxy address that you want to attack (e.g. a domain that resolved to a local ip addr like 127.0.0.1.xip.io) (the address will concat the path "/chat/completions" which can be bypassed with sharp like "http://172.23.0.1:8000/#") * then lobe will echo the ssrf result The jwt token header X-Lobe-Chat-Auth strored proxy address and OpenAI API Key, you can modify it to scan internal network in your target lobe-web. ![image](https://github.com/lobehub/lobe-chat/assets/55245002/d55e21e0-59d8-4a8e-8c56-4bcda3302dc2) ![image](https://github.com/lobehub/lobe-chat/assets/55245002/86833362-4e9e-4d07-9542-420db541f7a4) ![image](https://github.com/lobe...

My Car Knows My Secrets, and I'm (Mostly) OK With That

Imagine your car gossiping to insurance companies about your lead foot, or data brokers peddling your daily coffee run. Welcome to the world of connected cars, where convenience and privacy are locked in a head-on collision.

Tips and Tools for Social Media Safety

Protect your social media presence with tools like privacy checkups, monitoring services, and digital footprint scanners. Stay secure by avoiding oversharing, limiting third-party app permissions, and using strong passwords.

A week in security (November 18 – November 24)

A list of topics we covered in the week of November 18 to November 24 of 2024

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.