Security
Headlines
HeadlinesLatestCVEs

Tag

#web

How to Recover Deleted Photos from an iPhone

Accidentally deleted some photos from your iPhone? You’re definitely not alone; most iPhone users have done it at…

HackRead
Open in Source
#web#mac#windows#apple#perl#wifi
Aura or LifeLock: Who Offers Better Identity Protection in 2025?

The Growing Threat of Digital Identity Theft Identity theft is a continuous online threat that lurks behind every…

GHSA-223j-4rm8-mrmf: Next.js may leak x-middleware-subrequest-id to external hosts

## Summary In the process of remediating [CVE-2025-29927](https://github.com/advisories/GHSA-f82v-jwr5-mffw), we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Learn more [here](https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O). ## Credit Thank you to Jinseo Kim [kjsman](https://hackerone.com/kjsman?type=user) and [ryotak](https://hackerone.com/ryotak?type=user) for the responsible disclosure. These researchers were awarded as part of our bug bounty program.

GHSA-49v8-p6mm-3pfj: Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.

79 Arrested as Dark Web’s Largest Child Abuse Network ‘Kidflix’ Busted

Dark web child abuse hub ‘Kidflix’ dismantled in global operation. 1.8M users, 91,000+ CSAM videos exposed. 79 arrests, 39 children rescued.

Cybersecurity Professor Faced China-Funding Inquiry Before Disappearing, Sources Say

A lawyer for Xiaofeng Wang and his wife says they are “safe” after FBI searches of their homes and Wang’s sudden dismissal from Indiana University, where he taught for over 20 years.

China’s FamousSparrow APT Hits Americas with SparrowDoor Malware

China-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports.

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability. Apache Tomcat is an open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of uploaded session files and the deserialization mechanism. 🔻 The vendor’s […]

Canon Printer Drivers Flaw Could Let Hackers Run Malicious Code

A critical vulnerability (CVE-2025-1268) in Canon printer drivers allows remote code execution. See which drivers are affected, how to patch them.

GHSA-pph8-gcv7-4qj5: PyO3 Risk of buffer overflow in `PyString::from_object`

`PyString::from_object` took `&str` arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the `&str` data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow). In PyO3 0.24.1 this function will now allocate a `CString` to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes `&CStr` arguments.