#git

API attacks are constantly on the rise, with a recent alarming study showing that 59% of organizations give…

Google spies on Android device users, starting from even before they have logged in to their Google account.

Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects.

# Description [An issue was discovered in IBC-Go's deserialization of acknowledgements](https://github.com/cosmos/ibc-go/security/advisories/GHSA-jg6f-48ff-5xrw) that results in non-deterministic behavior which can halt a chain. Any user that can open an IBC channel can introduce this state to the chain. This an upstream dependency used in cheqd-node, rather than a custom module. ## Impact Could result in a chain halt. ## Patches Validators, full nodes, and IBC relayers should upgrade to **[cheqd-node v3.1.7](https://github.com/cheqd/cheqd-node/releases/tag/v3.1.7)**. This upgrade does not require a software upgrade proposal on-chain and is meant to be non state-breaking. ## References See [ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt](https://github.com/cosmos/ibc-go/security/advisories/GHSA-jg6f-48ff-5xrw) upstream on IBC-Go.

### Summary Authenticated users can craft a filter string used to cause a SQL injection. ### Details _Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._ This code does not look to sanitize inputs: https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47 c.f. with https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347 ### PoC _Complete instructions, including specific configuration details, to reproduce the vulnerability._ ### Impact _What kind of vulnerability is it? Who is impacted?_

### Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. ### Patches https://github.com/facebookincubator/below/commit/10e73a21d67baa2cd613ee92ce999cda145e1a83 This is included in version 0.9.0 ### Workarounds Change the permission on `/var/log/below` manually ### References https://www.facebook.com/security/advisories/cve-2025-27591 https://www.cve.org/CVERecord?id=CVE-2025-27591

### Summary _An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication._ ### Observation _It is observed that in the portal of the customer account, there is a functionality in the email section to create an email address that accepts user input. By intercepting the request and modifying the "domain" field with an HTML injection payload containing an anchor tag, the injected payload is reflected on an error page. When clicked, it redirects users to an external website, confirming the presence of an HTML Injection vulnerability._ ### PoC 1. Navigate to the Email section in the Customer Account Portal and create a new email address. 2. Enter any garbage value in the required...

### Summary the vulnerability is that users (such as resellers or customers) are able to create accounts with the same email address as an existing account (e.g., if the admin has [[email protected]](mailto:[email protected]), others can also create an account using the same email). This creates potential issues with account identification and security. ### Impact Local/Authenticated: This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. Email-based: The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues.

### Impact When using Babel to compile [regular expression named capturing groups](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Named_capturing_group), Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Your generated code is vulnerable if _all_ the following conditions are true: - You use Babel to compile [regular expression named capturing groups](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Named_capturing_group) or - You use the `.replace` method on a regular expression that contains named capturing groups - **Your code uses untrusted strings as the second argument of `.replace`** If you are using `@babel/preset-env` with the [`targets`](https://babeljs.io/docs/options#targets) option, the transform that injects the vulnerable code is automatically enabled if: - you use...

### Impact The Keras `Model.load_model` function permits arbitrary code execution, even with `safe_mode=True`, through a manually constructed, malicious `.keras` archive. By altering the `config.json` file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading. ### Patches This problem is fixed starting with version `3.9`. ### Workarounds Only load models from trusted sources and model archives created with Keras. ### References - https://www.cve.org/cverecord?id=CVE-2025-1550 - https://github.com/keras-team/keras/pull/20751