Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GHSA-3phv-83cj-p8p7: nope-validator Regular Expression Denial of Service vulnerability

Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is fixed in 0.12.1.

ghsa
#vulnerability#web#dos#java#auth
New Attack Lets Hackers Downgrade Windows to Exploit Patched Flaws

SafeBreach Labs unveils ‘Windows Downdate,’ a new attack method which compromises Windows 11 by downgrading system components, and…

Chinese Hackers Target Trump Campaign via Verizon Breach

Plus: Apple offers $1 million to hack its AI cloud infrastructure, Iranian hackers successfully peddle stolen Trump campaign docs, Russia hacks the nation of Georgia, and a “cyberattack” that wasn’t.

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure

Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg found Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan

GHSA-j9wp-x5q5-xh2f: Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in `\backend\controller\sys\Attachh.php` directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS).

GHSA-2mv8-jjm5-f3hr: SQL injection in funadmin

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.

LinkedIn Hit With $335M Fine for Data Privacy Violations

The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.

Russia's APT29 Mimics AWS Domains to Steal Windows Credentials

Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.

UnitedHealth Reveals 100M Compromised in Change Healthcare Breach

Eight months after the breach occurred, Change Healthcare has finally sent out millions of notices of compromised data to affected individuals.