Security
Headlines
HeadlinesLatestCVEs

Tag

#git

UnRAR Path Traversal

This Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.

Packet Storm
#vulnerability#mac#windows#linux#git#perl#auth
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which discovered the threat in May 2024, said the malware is propagated via a network of Telegram channels

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to

Scammers advertise fake AppleCare+ service via GitHub repos

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

GHSA-32fj-r8qw-r8w8: MindsDB Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

We dug into PartnerLeak, the site behind the "your partner is cheating on you" emails, including how and where the scammers get their information.

Red Hat Security Advisory 2024-6610-03

Red Hat Security Advisory 2024-6610-03 - An update for git is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

From Amazon to Target: Hackers Mimic Top Brands in Global Crypto Scam

Cybercriminals are increasingly targeting retail affiliate programs with sophisticated cryptocurrency scams. Retailers and customers must stay alert against…

Ransomware Disguised as a Game: Kransom’s Attack Through DLL Side-Loading

Kransom ransomware hides within the StarRail game using DLL side-loading and a legitimate certificate from COGNOSPHERE PTE. LTD.…

Hackers Proxyjack & Cryptomine Selenium Grid Servers

A vendor honeypot caught two attacks intended to leverage the tens of thousands of exposed Selenium Grid Web app testing servers.