#auth

SolarWinds Platform version 2024.1 SR1 suffers from a race condition vulnerability.

Automad version 2.0.0-alpha.4 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice 6849-1 - It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication.

Ubuntu Security Notice 6850-1 - It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials.

Poultry Farm Management System version 1.0 remote shell upload exploit. This is a variant of the original discovery of this flaw in this software version by Hejap Zairy in March of 2022.

As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix.

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude. For example, look no

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. "When your headphones are seeking a connection request to one of your previously

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis

The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges.