Security
Headlines
HeadlinesLatestCVEs

Tag

#git

ClickFix Email Scam Alert: Fake Booking.com Emails Deliver Malware

Cofense Intelligence uncovers a surge in ClickFix email scams impersonating Booking.com, delivering RATs and info-stealers. Learn how these…

HackRead
#web#mac#windows#git#intel
Ransomware hiding in fake AI, business tools

Ransomware has been discovered by security researchers in fake installers posing as Chat GPT, Nova Leads, and InVideo AI.

Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.”

GHSA-862m-5253-832r: Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data

**Overview** The Auth0 Wordpress plugin contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. **Am I Affected?** You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 WordPress plugin, versions between 5.0.0 BETA-0 to 5.0.1. 2. Auth0 WordPress plugin uses the Auth0-PHP SDK with version 8.0.0-BETA3 to 8.3.0. **Fix** Upgrade the Auth0 WordPress plugin to the latest version (v5.3.0).

GHSA-g5hg-p3ph-g8qg: Multer vulnerable to Denial of Service via unhandled exception

### Impact A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. ### Patches Users should upgrade to `2.0.1` ### Workarounds None ### References https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 https://github.com/expressjs/multer/issues/1233 https://github.com/expressjs/multer/pull/1256

GHSA-pr59-jjr4-gcf6: anon-vec lacks sufficient checks in public API

The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - `AnonVec::get_ref()` - `AnonVec::get_mut()` - `AnonVec::remove_get()` The crate was built as a learning project and is not being maintained.

GHSA-cq37-g2qp-3c2p: AstrBot Has Path Traversal Vulnerability in /api/chat/get_file

### Impact This vulnerability may lead to: * Information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. ### Reproduce Follow these steps to set up a test environment for reproducing the vulnerability: 1. Install dependencies and clone the repository: ```bash pip install uv git clone https://github.com/AstrBotDevs/AstrBot && cd AstrBot uv run main.py ``` 2. Alternatively, deploy the program via pip: ```bash mkdir astrbot && cd astrbot uvx astrbot init uvx astrbot run ``` 3. In another terminal, run the following command to exploit the vulnerability: ```bash curl -L http://0.0.0.0:6185/api/chat/get_file?filename=../../../data/cmd_config.json ``` This request will read the `cmd_config.json` config file, leading to the leakage of sensitive data such as LLM API keys, usernames, and password hashes (MD5). ### Patches The vulnerability has been addressed in [Pull Request #1676](https://github.com...

GHSA-f3fg-mf2q-fj3f: NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies

**Overview** In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, __session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. **Am I Affected?** You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, 2. Applications using CDN or edge caching that caches responses with the Set-Cookie header. 3. If the Cache-Control header is not properly set for sensitive responses. **Fix** Upgrade auth0/nextjs-auth0 to v4.6.1.

GHSA-9jgg-88mc-972h: webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser

### Summary Source code may be stolen when you access a malicious web site with non-Chromium based browser. ### Details The `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address `Origin` headers. https://github.com/webpack/webpack-dev-server/blob/55220a800ba4e30dbde2d98785ecf4c80b32f711/lib/Server.js#L3113-L3127 This allows websites that are served on IP addresses to connect WebSocket. By using the same method described in [the article](https://blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages) linked from CVE-2018-14732, the attacker get the source code. related commit: https://github.com/webpack/webpack-dev-server/commit/72efaab83381a0e1c4914adf401cbd210b7de7eb (note that `checkHost` function was only used for Host header to prevent DNS rebinding attacks so this change itself is fine. This vulnerability does not affect Chrome 94+ (and othe...

GHSA-4v9v-hfq4-rm2v: webpack-dev-server users' source code may be stolen when they access a malicious web site

### Summary Source code may be stolen when you access a malicious web site. ### Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject `<script src="http://localhost:8080/main.js">` in their site and run the script. Note that the attacker has to know the port and the output entrypoint script path. Combined with prototype pollution, the attacker can get a reference to the webpack runtime variables. By using `Function::toString` against the values in `__webpack_modules__`, the attacker can get the source code. ### PoC 1. Download [reproduction.zip](https://github.com/user-attachments/files/18426585/reproduction.zip) and extract it 2. Run `npm i` 3. Run `npx webpack-dev-server` 4. Open `https://e29c9a88-a242-4fb4-9e64-b24c9d29b35b.pages.dev/` 5. You can see the source code output in the document and the devtools console. ![image](https://github.com/user-attachments/assets/9d4dcdca-5d24-4c84-a7b4-feb1782bca09) The scr...