#web

### Impact Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. [WebAssembly tail calls](https://github.com/webassembly/tail-call) are a proposal which relatively recently reached stage 4 in the [standardization process](https://github.com/WebAssembly/proposals/). Wasmtime first enabled support for tail calls by default [in Wasmtime 21.0.0](https://github.com/bytecodealliance/wasmtime/pull/8540), although that release contained a bug where it was only on-by-default for some configurations. In [Wasmtime 22.0.0](https://github.com/bytecodealliance/wasmtime/pull/8682) tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or ...

While Google is experimenting on how its search results page looks like, we are reminded of what users need the most: indicators of confidence.

Trojan.AutoIt.1443 targets 28,000 users, spreading via game cheats and office tools. This cryptomining and cryptostealing malware bypasses antivirus…

Multimodal AI systems can help enterprise defenders weed out fraudulent emails, even if the system has not seen that type of message before.

The $4.4 billion in crypto is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent who seized the recording-breaking sum, meanwhile, languishes in a Nigerian jail cell.

Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Ubuntu Security Notice 7058-1 - Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that .NET components designed to process malicious input were susceptible to hash flooding attacks. An attacker could possibly use this issue to cause a denial of service, resulting in a crash.

Ubuntu Security Notice 7057-2 - USN-7057-1 fixed a vulnerability in WEBrick. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that WEBrick incorrectly handled having both a Content- Length header and a Transfer-Encoding header. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack.

Ubuntu Security Notice 7014-2 - USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.