Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-v9m8-9xxp-q492: Auth0-PHP SDK Deserialization of Untrusted Data vulnerability

**Overview** The Auth0 PHP SDK contains a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. **Am I Affected?** You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0-PHP SDK, versions between 8.0.0-BETA3 to 8.3.0. 2. Applications using the following SDKs that rely on the Auth0-PHP SDK versions between 8.0.0-BETA3 to 8.3.0: a. Auth0/symfony, b. Auth0/laravel-auth0, c. Auth0/wordpress. **Fix** Upgrade Auth0/Auth0-PHP to 8.3.1. **Acknowledgement** Okta would like to thank Andreas Forsblom for discovering this vulnerability.

ghsa
#vulnerability#git#wordpress#php#auth
Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs

Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.

How Neuroscience Can Help Us Battle 'Alert Fatigue'

By understanding the neurological realities of human attention, organizations can build more sustainable security operations that protect not only their digital assets but also the well-being of those who defend them.

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach.

Photoshop for Beginners – Overview of Top Skills and How to Hone Them

What comes to your mind when you think of Photoshop? A tool for editing and retouching photos –…

The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare

In the very near future, victory will belong to the savvy blackhat hacker who uses AI to generate code at scale.

StormWall Reveals India, China and US Faced Most DDoS Attacks in Q1 2025

Shift in cyberattack focus puts APAC region under growing pressure.

Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…

Chrome Drops Trust for Chunghwa, Netlock Certificates

Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.

The Role of Continuous Integration and Continuous Deployment (CI/CD) in DevOps

Modern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user…