Security

Tag

#ddos

CVE-2022-25844: Regular Expression Denial of Service (ReDoS) in org.webjars.npm:angular | CVE-2022-25844 | Snyk

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.

One of the Most Powerful DDoS Attacks Ever Hits a Crypto Platform

The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful.

FBI Conducted 3.4 Million Warrantless Searches of Americans' Data

Plus: Trump backers breach election systems, Microsoft tracks Russia's war prep, a new Facebook leak reveals a mess, and Bored Ape Yacht Club gets hacked.

Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded

The scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.

Threat Roundup for April 22 to April 29

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 22 and April 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

Security Turbulence in the Cloud: Survey Says…

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.

Ukraine government and pro-Ukrainian sites hit by DDoS attacks

We can't tell which party made the first move, but both the pro-Ukraine and Russian sides have been exchanging DDoS attacks. The post Ukraine government and pro-Ukrainian sites hit by DDoS attacks appeared first on Malwarebytes Labs.

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In

India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber

CVE-2022-28101: HTML Injection Leading to RCE in Turtl - Cyber Citadel

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.

Cyberattacks Rage in Ukraine, Support Military Operations

At least five APTs are believed involved with attacks tied to ground campaigns and designed to damage Ukraine's digital infrastructure.