#auth

The Snyk php plugin is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.

The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.

The software development kit will simplify building and testing of CHERI-enabled RISC-V applications.

Operation Overload pushes dressed up Russian state propaganda with the aim of flooding the US with election disinformation.

The risk of exploitation is heightened, thanks to a proof-of-concept that's been made publicly available.

### Impact _What kind of vulnerability is it? Who is impacted?_ In certain *very specific* situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would allow their hooks (side effects) to be performed when they should not have been. Note that this does not allow reading new data that the user should not have had access to, only triggering a side effect a user should not have been able to trigger. You must have an update action that: - Is on a resource with no attributes containing an "update default" (updated_at timestamp, for example) - can be performed atomically. - Does *not* have `require_atomic? false` - Has at least one authorizer (typically `Ash.Policy.Authorizer`) - Has at least one `change` (on the resource's `changes` block or in the action itself) This is where the side-effects would be performed when they should not have been. --- - Is there ever a place where you call t...

Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.

The #opentowork hashtag may attract the wrong crowd as criminals target LinkedIn users to steal personal information, or scam them.

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.