#vulnerability

**Overview** The laravel-auth0 SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. **Am I Affected?** You are affected by this vulnerability if you meet the following preconditions: 1. Applications using laravel-auth0 SDK, versions between 7.0.0-BETA1 to 7.2.1. 2. Laravel-auth0 SDK uses the Auth0-PHP SDK with version 8.0.0-BETA3 to 8.3.0. **Fix** Upgrade Auth0/laravel-auth0 to the latest version (v7.17.0). **Acknowledgement** Okta would like to thank Andreas Forsblom for discovering this vulnerability.

iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals…

Mass layoffs create cybersecurity vulnerabilities through dormant accounts and disgruntled employees.

**Overview** The Auth0 Symfony SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. **Am I Affected?** You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the Auth0 Symfony SDK, versions between 5.0.0 BETA-0 to 5.0.0. 2. Auth0 Symfony SDK uses the Auth0-PHP SDK with version 8.0.0-BETA3 to 8.3.0. **Fix** Upgrade Auth0/symfony to the latest version (v5.4.0). **Acknowledgement** Okta would like to thank Andreas Forsblom for discovering this vulnerability.

Grab a large sweet tea or a cup of coffee and read the 2024 Product Security Risk Report from Red Hat Product Security. As someone striving to stay informed about the open source ecosystem and its security challenges, I found this year's report noticeably longer, but the depth and detail didn’t disappoint. In fact, one notable addition to this year’s report is the discussion of AI. The numbers game: up, up, and...wait, what?First, let’s break down the raw numbers. Red Hat Security Advisories (RHSA) hit a new peak in 2024, clocking in at 2975. There has been a steady increase over the pa

The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.

In this week's newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos' discovery of the new PathWiper malware.

A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…

### Impact On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs.

ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company's disclosures don't explain what the vulnerability is and when it was first exploited.