#vulnerability

Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.

The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

### Impact Refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. ### Patches Patched in [https://github.com/workos/authkit-remix/releases/tag/v0.4.1](https://github.com/workos/authkit-remix/releases/tag/v0.4.1)

### Impact Refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. ### Patches Patched in [https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2](https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2)

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed

Canadian authorities arrest a suspect linked to the Snowflake data breach, exposing vulnerabilities in cloud infrastructure. The breach…

A bug that WIRED discovered in True the Vote’s VoteAlert app revealed user information—and an election worker who wrote about carrying out an illegal voter-suppression scheme.

A vulnerability was identified in a ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than or equals to condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets.

Ubuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.