Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-8j8w-wwqc-x596: Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

ghsa
Open in Source
#vulnerability#web#php#rce#auth
What does Facebook know about me? (Lock and Code S06E11)

This week on the Lock and Code podcast, host David Ruiz digs into his own Facebook data to see what the social media giant knows about him.

Flowable’s Smart Automation Tools Are Reshaping How Enterprises Operate in 2025

As more businesses face pressure to do more with fewer resources, automation platforms like Flowable are becoming central…

Interlock Ransomware Deploys New NodeSnake RAT in UK Attacks

Quorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government.

GHSA-wv8j-m3hx-924j: Arrow2 allows out of bounds access in public safe API

`Rows::row_unchecked()` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead.

A Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign

Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more.

GHSA-g9f5-x53j-h563: Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

### Summary A security vulnerability has been identified in `go-gh` where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. ### Details The GitHub CLI and CLI extensions allow users to transition from their terminal for a variety of use cases through the [`Browser` capability in `github.com/cli/go-gh/v2/pkg/browser`](https://github.com/cli/go-gh/blob/61bf393cf4aeea6d00a6251390f5f67f5b67e727/pkg/browser/browser.go): - Using the `-w, --web` flag, GitHub CLI users can view GitHub repositories, issues, pull requests, and more using their web browser - Using the `gh codespace` command set, GitHub CLI users can transition to Visual Studio Code to work with GitHub Codespaces This is done by using URLs provided through API responses from authenticated GitHub hosts when users execute `gh` commands. Prior to `2.12.1`, `Browser.Browse()` would attempt...

Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin

The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face.

Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale

Alleged TikTok Breach: Threat actor “Often9” claims to sell 428M user records, including emails, phones, and account details on dark web forum.

Victoria’s Secret US Website Restored After Security Incident

Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…