Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GenAI Writes Malicious Code to Spread AsyncRAT

Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open source remote access Trojan.

DARKReading
Open in Source
#web#windows#cisco#git#java#intel#pdf#auth
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant. "Between late 2022 to present, SloppyLemming

'SloppyLemming' APT Abuses Cloudflare Service in Pakistan Attacks

Who needs advanced malware when you can take advantage of a bunch of OSS tools and free cloud services to compromise your target?

GHSA-75j2-9gmc-m855: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload a SVG image containing JavaScript and it's also possible to upload a HTML document when the format parameter is manually changed to [documents][1] or a string of an [unsupported format][2]. If an authenticated user or administrator visits that uploaded image or document malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS.) [1]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L105-L106 [2]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L110-L111 ## Impact This issue may lead to account takeover due to reflected Cross-site scripting (XSS). ## Remediation Only allow the upload of safe files such as PNG, TXT and others or serve al...

GHSA-m842-4qm8-7gpq: Gradio allows users to access arbitrary files

### Impact This vulnerability allows users of Gradio applications that have a public link (such as on Hugging Face Spaces) to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. ### Patches Yes, the problem has been patched in Gradio version 4.19.2 or higher. We have no knowledge of this exploit being used against users of Gradio applications, but we encourage all users to upgrade to Gradio 4.19.2 or higher. Fixed in: https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7 CVE: https://nvd.nist.gov/vuln/detail/CVE-2024-1728

China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs

The state-sponsored advanced persistent threat (APT) is going after high-value communications service provider networks in the US, potentially with a dual set of goals.

Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks

Dell faces its third data leak in a week as hacker “grep” continues targeting the tech giant. Sensitive…

Digital Asset Trading Platform UEEx Strengthens Digital Asset Security with New Protection Policy

UEEx enhances user security with new compensation policies addressing abnormal market volatility and asset protection. Users can now…

GHSA-79gp-q4wv-33fr: Cross-Site Request Forgery (CSRF) in strawberry-graphql

### Impact Multipart file upload support as defined in the [GraphQL multipart request specification](https://github.com/jaydenseric/graphql-multipart-request-spec) was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In affect, all Strawberry integrations were vulnerable to CSRF attacks by default. ### Patches Version `v0.243.0` is the first `strawberry-graphql` including a patch. Check out our [documentation](https://strawberry.rocks/docs/breaking-changes/0.243.0) for additional details and upgrade instructions. ### References - [Strawberry upgrade guide](https://strawberry.rocks/docs/breaking-changes/0.243.0) - [Multipart Upload Secur...

GHSA-rgg8-g5x8-wr9v: Cross-site scripting (XSS) in the clipboard package

### Impact During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was identified in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability affects **only** installations where the editor configuration meets the following criteria: 1. The [**Block Toolbar**](https://ckeditor.com/docs/ckeditor5/latest/getting-started/setup/toolbar.html#block-toolbar) plugin is enabled. 1. One of the following plugins is also enabled: - [**General HTML Support**](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html) with a configuration that permits unsafe markup. - [**HTML Embed**](https://ckeditor.com/docs/ckeditor5/latest/features/html/html-embed.html). ### Patches The problem has been recognized and...