Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability

About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability. Veeam B&R is a client-server software solution for centralized backup of virtual machines in VMware vSphere and Microsoft Hyper-V environments. A deserialization flaw (CWE-502) lets an attacker run arbitrary code on a Veeam server. The necessary conditions: the Veeam server must be part of […]

Alexander V. Leonov
Open in Source
#vulnerability#mac#microsoft#rce#vmware#auth#blog
GHSA-3p6v-hrg8-8qj7: @mozilla/readability Denial of Service through Regex

Specially crafted titles may have caused a regular expression to excessively backtrack and cause a local denial of service. Additional Details are [available at Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1948833) Credit: DayShift

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Fake Booking.com emails sent to hotels lead to fake Captcha sites that trick the staff into infecting their own systems

Crypto Heist Suspect “Wiz” Arrested After $243 Million Theft

Veer Chetal, known online as "Wiz" and one of the key suspects in the massive $243 million cryptocurrency heist, has been apprehended by U.S. Marshals.

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

With 23andMe filing for bankruptcy, here's how to remove your data from the company and protect yourself from the 2023 breach.

GHSA-5565-3c98-g6jc: WildFly Elytron OpenID Connect Client ExtensionOIDC authorization code injection attack

### Impact A vulnerability was found in OIDC-Client. When using the elytron-oidc-client subsystem with WildFly, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack. ### Patches [2.2.9.Final](https://github.com/wildfly-security/wildfly-elytron/releases/tag/2.2.9.Final) [2.6.2.Final](https://github.com/wildfly-security/wildfly-elytron/releases/tag/2.6.2.Final) ### Workarounds Currently, no mitigation is currently available for this vulnerability. ### References https://nvd.nist.gov/vuln/detail/CVE-2024-12369 https://access.redhat.com/security/cve/CVE-2024-12369 https://bugzilla.redhat.com/show_bug.cgi?id=2331178 https://issues.redhat.com/browse/ELY-2887

GHSA-7287-grhx-542x: Pixelfed may allow unauthorized actor to view private posts and private users

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.

Satellite Navigation Systems Facing Rising Jamming and Spoofing Attacks

Satellite navigation systems are under rising threat from jamming and spoofing attacks, risking aviation, maritime, and telecom safety worldwide, warn global agencies.

GHSA-qrv3-jc3h-f3m6: Frappe vulnerable to information disclosure leading to account takeover

### Impact Making crafted requests could lead to information disclosure that could further lead to account takeover. ### Workarounds There's no workaround to fix this without upgrading. ### Credits Thanks to Thanh of Calif.io for reporting the issue