Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

PALO ALTO, California, 29th May 2025, CyberNewsWire

HackRead
Open in Source
#vulnerability#web#mac#git#intel#auth#chrome#firefox#ssl
New Malware Spotted Corrupts Its Own Headers to Block Analysis

Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server.

Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.

Unlock sensitive data for AI with Cloudera on Red Hat OpenShift

Many organizations face challenges in creating value from data while maintaining strict regulatory standards set for handling sensitive data. For these organizations, handling large, complex data sets while maintaining efficiency, security and scalability becomes paramount to their deployment. The collaboration between Red Hat and Cloudera offers customers a solution that helps organizations to manage the complete data lifecycle, putting data to work faster and reducing time to value. With Cloudera Private Cloud on Red Hat OpenShift, organizations get aggregated and visualized data that can he

Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say

Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks.

Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers

Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for…

Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware

Cybercriminals are using text-to-video-AI tools to lure victims to fake websites that deliver malware like infostealers and Trojans.

Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…

GHSA-v8wj-f5c7-pvxf: Strapi allows Server-Side Request Forgery in Webhook function

## Description In Strapi latest version, at function Settings -> Webhooks, the application allows us to input a URL in order to create a Webook connection. However, we can input into this field the local domains such as `localhost`, `127.0.0.1`, `0.0.0.0`,.... in order to make the Application fetching into the internal itself, which causes the vulnerability `Server - Side Request Forgery (SSRF)`. ## Payloads - `http://127.0.0.1:80` -> `The Port is not open` - `http://127.0.0.1:1337` -> `The Port which Strapi is running on` ## Steps to Reproduce - First of all, let's input the URL `http://127.0.0.1:80` into the `URL` field, and click "Save". ![CleanShot 2024-06-04 at 22 45 17@2x](https://github.com/strapi/strapi/assets/71650574/7336b817-cb61-41e6-9b3f-87151d8667e9) - Next, use the "Trigger" function and use Burp Suite to capture the request / response ![CleanShot 2024-06-04 at 22 47 50@2x](https://github.com/strapi/strapi/assets/71650574/659f1bbe-6b03-456c-a9c2-5187fca20dd6) ...

The Privacy-Friendly Tech to Replace Your US-Based Email, Browser, and Search

Thanks to drastic policy changes in the US and Big Tech’s embrace of the second Trump administration, many people are moving their digital lives abroad. Here are a few options to get you started.