Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Why Simulating Phishing Attacks Is the Best Way to Train Employees

Despite advancements in cybersecurity tools, human vulnerability remains the weakest link, with phishing among the most dangerous forms…

HackRead
#vulnerability#web#ios#microsoft#git#intel#perl#auth#ibm
FBI-Wanted Hacker Behind Global Ransomware Attacks Arrested in Russia

Mikhail Pavlovich Matveev (aka Wazawaka) has been wanted by the FBI since 2023.

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in script. The need for authentication and admin access could limit this vulnerability’s impact, but here we […]

Printer problems? Beware the bogus help

Printer issues are very common, but searching Google for help may get you into more trouble than you'd expect.

GHSA-2gx6-qrpp-c4p3: Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

GHSA-cg28-v4wq-whv5: Symfony's VarDumper vulnerable to unsafe deserialization

A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code.

GHSA-7q22-x757-cmgc: Symfony http-security has authentication bypass

In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.

GHSA-2mj3-vfvx-fc43: Moby Race Condition vulnerability

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.

GHSA-gh5c-3h97-2f3q: Moby Race Condition vulnerability

moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.

Godot Engine Exploited to Spread Malware on Windows, macOS, Linux

Check Point Research has discovered cybercriminals exploiting the popular Godot Game Engine to deliver malicious software. Discover the techniques used by attackers and how to protect yourself from these threats.