Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Digital rampage saw ex-Disney employee remove nut allergy info from menus, dox co-workers, and more

A former Disney employee has been sentenced to three years in prison for computer fraud and identity theft.

Malwarebytes
Open in Source
#git#auth
GHSA-fpwr-67px-3qhx: Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur

How Postal Code Data Impacts Cybersecurity, Privacy and Fraud Prevention

Postal codes now play a key role in cybersecurity, fraud prevention, and digital identity verification, raising new concerns…

GHSA-c8hm-hr8h-5xjw: n8n Vulnerable to Stored XSS through Attachments View Endpoint

### Impact n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there was no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allowed the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could, for example, send a request to change the user’s email address in their account settings, effectively enabling account takeover. ### Patches - [[email protected]](https://github.com/n8n-io/n8n/releases/tag/n8n%401.90.0) ### Credit We would like to thank @Mahmoud0x00 for reporting this issue.

GHSA-c82r-c9f7-f5mj: Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file

# Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET (“Connector”). When using the Easy Logging feature on Linux and macOS, the Connector didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to overwrite the configuration and gain control over logging level and output location. This vulnerability affects Connector versions 2.1.2 through 4.4.0. Snowflake fixed the issue in version 4.4.1. # Vulnerability Details When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided file. On Linux and macOS, the Connector verifies that the configuration file can be written to only by its owner. That check was vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition and failed to verify that the file owner matches the user running the Connector. This could allow a local attacker with write access to the configurati...

GHSA-j3g3-5qv5-52mj: net-imap rubygem vulnerable to possible DoS by memory exhaustion

### Summary There is a possibility for denial of service by memory exhaustion when `net-imap` reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname). ### Details The IMAP protocol allows "literal" strings to be sent in responses, prefixed with their size in curly braces (e.g. `{1234567890}\r\n`). When `Net::IMAP` receives a response containing a literal string, it calls `IO#read` with that size. When called with a size, `IO#read` immediately allocates memory to buffer the entire string before processing continu...

Employee monitoring app exposes users, leaks 21+ million screenshots

WorkComposer, an employee monitoring app, has leaked millions of screenshots through an unprotected AWS S3 bucket.

Darcula Phishing Kit Uses AI to Evade Detection, Experts Warn

Darcula phishing platform adds AI to create multilingual scam pages easily. Netcraft warns of rising risks from Darcula-Suite…

IR Trends Q1 2025: Phishing soars as identity-based attacks persist

This quarter, phishing attacks surged as the primary method for initial access. Learn how you can detect and prevent pre-ransomware attacks.