#git

Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.

**Product:** Math **Version:** 0.2.0 **CWE-ID:** CWE-611: Improper Restriction of XML External Entity Reference **CVSS vector v.4.0:** 8.7 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) **CVSS vector v.3.1:** 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) **Description:** An attacker can create a special XML file, during which it processed, external entities are loaded, and it’s possible to read local server files. **Impact:** Local server files reading **Vulnerable component:** The [`loadXML`](https://github.com/PHPOffice/Math/blob/c3ecbf35601e2a322bf2ddba48589d79ac827b92/src/Math/Reader/MathML.php#L38C9-L38C55) function with the unsafe [`LIBXML_DTDLOAD`](https://www.php.net/manual/en/libxml.constants.php#constant.libxml-dtdload) flag, the [`MathML`](https://github.com/PHPOffice/Math/blob/master/src/Math/Reader/MathML.php) class **Exploitation conditions:** The vulnerability applies only to reading a file in the `MathML` format. **Mitigation:** If there is no option to refuse u...

### Summary Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. However, it was found that some of these custom headers can indeed be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. By setting the following connection header, the X-Forwarded-Host header can, for example, be removed: ``` Connection: close, X-Forwarded-Host ``` Similar critical vulnerabilities have been identified in other web servers and proxies, including [CVE-2022-31813](https://nvd.nist.gov/vuln/detail/CVE-2022-31813) in Apache HTTP Server and [CVE-2024-45410](https...

Cisco Talos uncovers CyberLock ransomware, Lucky_Gh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn…

Four porn sites are being investigated by the European Commission under its Digital Services Act (DSA) for allegedly failing to verify its users' ages properly.

PALO ALTO, California, 29th May 2025, CyberNewsWire

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.

Many organizations face challenges in creating value from data while maintaining strict regulatory standards set for handling sensitive data. For these organizations, handling large, complex data sets while maintaining efficiency, security and scalability becomes paramount to their deployment. The collaboration between Red Hat and Cloudera offers customers a solution that helps organizations to manage the complete data lifecycle, putting data to work faster and reducing time to value. With Cloudera Private Cloud on Red Hat OpenShift, organizations get aggregated and visualized data that can he

### Impact * Some source-builds may be impacted by a CWE-1395 (eg. vulnerable `setuptools` dependency). * Multicast prior to v2.0.9a3 on systems with minimal dependancies installed may use `setuptools <78.1.1` and thus rely on a compromised dependency. In some cases there is a chance that source-builds would fail due to an exploit of the closely related CVE-2025-47273, or become arbitrarily modified. ### Patches * Pre-release version v2.0.9a0 and later resolve the issue by bumping requirements to `setuptools>=80.4` * Pre-release version v2.0.9a3 and later are recommended for improved stability over v2.0.9a0 ### Workarounds * Further hardening in v2.0.9a4+ of the build process in CI builds allowing source builds to be verified via GH attestations. ### References * [GHSA-5rjg-fvgr-3xxf](https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf) * pypa/setuptools#4946 ### Fixes * https://github.com/reactive-firewall/multicast/blob/c5c7c7de272421d944beca845287...

### Summary The vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. ### Details The "type" field is expected to be one of: "string", "number", "object", "boolean", "array", or "null". Supplying any other value will cause the worker to crash with the following error: RuntimeError: [11:03:34] /project/cpp/json_schema_converter.cc:637: Unsupported type "something_or_nothing" The "pattern" field undergoes Jinja2 rendering (I think) prior to being passed unsafely into the native regex compiler without validation or escaping. This allows malformed expressions to reach the underlying C++ regex engine, resulting in fatal errors. For example, the following inputs will crash the wo...