Tag
#git
Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and…
SUMMARY: Byte Federal, the US’s largest Bitcoin ATM operator offering around 1,200 Bitcoin ATMs across the country, recently…
A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.
Red Hat Advanced Cluster Security for Kubernetes and Red Hat Advanced Cluster Security for Kubernetes Cloud Service versions 4.6 are now available. This update lays the foundation for a future based on policy as code and improves the UI to make it easier for users to find what they need. The significant changes in this version can be found here, but the highlights are: Violations Management UX improvements; ACS Scanner v4 adopts Red Hat CSAF/VEX; NVD CVSS scores for all CVEs (when available); Compliance reporting; ACSCS PCI DSS 4.0.0 compliance; Red Hat Advanced Cluster Management for Kubernetes GlobalHub.
Explore the professions most vulnerable to cybersecurity threats in 2025, from IT pros to crypto investors. Learn how…
Learn how cryptocurrency’s rapid growth brings risks like fake payment gateways and online scams. Discover tips to stay…
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.
Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.
In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts.
### Impact

On instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. To reproduce on an instance, as a normal user without `script` or `programming` rights, go to your profile and add an object of type `ExtensionCode.ExtensionClass`. Set the description to `{{async}}{{groovy}}println("Hello from Description"){{/groovy}}{{/async}}` and press `Save and View`. If the description displays as `Hello from Description` without any error, then the instance is vulnerable.

### Patches

This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0.

### Workarounds

Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it. It is also possible to manually apply [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-9b6f9e853f23d76611967737f8c4072ffceaba4c006ca5a5e65b66d988dc084a) to the page `Ex...