Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Schneider Electric Clawed by 'Hellcat' Ransomware Gang

The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.

DARKReading
Open in Source
#vulnerability#web#auth#zero_day#jira
GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

### Impact Refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. ### Patches Patched in [https://github.com/workos/authkit-remix/releases/tag/v0.4.1](https://github.com/workos/authkit-remix/releases/tag/v0.4.1)

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

### Impact Refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. ### Patches Patched in [https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2](https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2)

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed

Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches

Canadian authorities arrest a suspect linked to the Snowflake data breach, exposing vulnerabilities in cloud infrastructure. The breach…

Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data

A bug that WIRED discovered in True the Vote’s VoteAlert app revealed user information—and an election worker who wrote about carrying out an illegal voter-suppression scheme.

ABB Cylon Aspect 3.08.00 Off-By-One

A vulnerability was identified in a ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than or equals to condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets.

Ubuntu Security Notice USN-7091-1

Ubuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.

Red Hat Security Advisory 2024-8887-03

Red Hat Security Advisory 2024-8887-03 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and denial of service vulnerabilities.