Security Headlines

Latest News

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows - CVE-2014-3931 (CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an

Source: The Hacker News (tags: vulnerability, buffer overflow)
TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure

The threat actors trick victims into opening a malicious script, leading to the execution of the BroaderAspect .NET loader.

GHSA-j47q-rc62-w448: fastapi-guard is vulnerable to ReDoS through inefficient regex

### Summary

fastapi-guard detects penetration attempts by scanning incoming requests against a set of regex patterns. Some of those patterns are extremely inefficient and backtrack with polynomial complexity on specially crafted input. This is less severe than an exponential-complexity ReDoS, but it still degrades performance and enables denial of service: an attacker can drive CPU usage up and keep a service unresponsive for hours by sending a single request of a few KB.

### PoC

e.g. https://github.com/rennf93/fastapi-guard/blob/1e6c2873bfc7866adcbe5fc4da72f2d79ea552e7/guard/handlers/suspatterns_handler.py#L31C79-L32C7

```python
import requests

# Each repeated fragment feeds a separate backtracking quantifier in the pattern.
payload = lambda n: '<'*n + ' '*n + 'style=' + '"'*n + ' '*n + 'url('*n  # complexity: O(n^5)

print(requests.post("http://172.24.1.3:8000/", data=payload(50)).elapsed)   # 0:00:03.771120
print(requests.post("http://172.24.1.3:8000/", data=payload(100)).elapsed)  # 0:01:17.952637
print(requests.post("http://172.24.1.3:8000/", da...
```
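The mechanism above, as an added example that is not fastapi-guard's code: a hypothetical stand-in pattern with the same structural flaw the advisory describes (literals joined by unbounded `.*` quantifiers, so a body of the advisory's shape is scanned in polynomial time whenever the final literal is missing), beside a linear-time check that accepts exactly the same ASCII inputs, and a size cap applied before any pattern runs. The pattern, the `TOKENS` list, `MAX_BODY_BYTES` and the `check_request` policy are assumptions for illustration; `payload` reconstructs the shape of the advisory's PoC body as constructed test input.

```python
import re
import time

# Hypothetical stand-in for the class of pattern the advisory describes (NOT
# fastapi-guard's real regex): four literals joined by unbounded ".*" quantifiers.
# When the last literal is absent, every ".*" gives characters back one at a time
# and the engine retries the rest of the pattern at each step, so a non-matching
# body of the crafted shape costs roughly O(n^3) for this particular pattern.
VULNERABLE_PATTERN = re.compile(
    r"<.*style=.*url\(.*javascript:", re.IGNORECASE | re.DOTALL | re.ASCII
)

# The ordered literals the pattern above requires; the linear scan checks exactly these.
TOKENS = ("<", "style=", "url(", "javascript:")

# Assumption: bodies larger than this are rejected before any pattern is evaluated.
MAX_BODY_BYTES = 64 * 1024


def payload(n: int) -> str:
    """Crafted body in the shape shown in the advisory (constructed test input)."""
    return "<" * n + " " * n + "style=" + '"' * n + " " * n + "url(" * n


def vulnerable_scan(body: str) -> bool:
    """Backtracking regex scan: fast on benign input, polynomial on payload(n)."""
    return VULNERABLE_PATTERN.search(body) is not None


def hardened_scan(body: str) -> bool:
    """Linear-time equivalent of VULNERABLE_PATTERN for ASCII input: the tokens
    must appear in order, each starting at or after the end of the previous one,
    which is exactly what the stand-in pattern accepts under DOTALL. One pass
    with str.find, no backtracking."""
    text = body.lower()
    pos = 0
    for token in TOKENS:
        idx = text.find(token, pos)
        if idx < 0:
            return False
        pos = idx + len(token)
    return True


def check_request(body: str) -> str:
    """Policy a request-scanning middleware would apply: size cap first, then the
    linear scan. Returns "rejected", "blocked" or "allowed"."""
    if len(body.encode("utf-8")) > MAX_BODY_BYTES:
        return "rejected"  # oversized bodies never reach a pattern (e.g. HTTP 413)
    return "blocked" if hardened_scan(body) else "allowed"


def timed(fn, body: str) -> tuple:
    """Run fn(body) and return (result, elapsed_seconds)."""
    start = time.perf_counter()
    result = fn(body)
    return result, time.perf_counter() - start


if __name__ == "__main__":
    for n in (25, 50, 100, 200):
        body = payload(n)
        v_res, v_t = timed(vulnerable_scan, body)
        h_res, h_t = timed(hardened_scan, body)
        print(f"n={n:3d} len={len(body):5d} regex={v_t:8.4f}s "
              f"linear={h_t:8.6f}s (both return {v_res})")
    print(check_request(payload(10_000)))  # stopped by the size cap
```

Running the block prints the regex and linear-scan times for increasing n: with the stand-in pattern the regex time grows roughly with the cube of n while the linear scan stays flat. The transferable lesson for any request-scanning middleware is the one the advisory implies: cap body size before scanning, and audit every pattern for unbounded quantifiers separated by literals that a client can repeat at will.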

GHSA-36rg-gfq2-3h56: Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

### Summary

An open redirect has been found in the `originCheck` middleware function, which affects the following routes: `/verify-email`, `/reset-password/:token`, `/delete-user/callback`, `/magic-link/verify`, `/oauth-proxy-callback`.

### Details

In the `matchesPattern` function, `url.startsWith(pattern)` can be deceived with a `url` that merely begins with one of the `trustedOrigins`: a string-prefix comparison on the raw URL is not an origin comparison.

```jsx
const matchesPattern = (url: string, pattern: string): boolean => {
  if (url.startsWith("/")) {
    return false;
  }
  if (pattern.includes("*")) {
    return wildcardMatch(pattern)(getHost(url));
  }
  return url.startsWith(pattern);
};
```

### Open Redirect PoCs

```jsx
export const auth = betterAuth({
  baseURL: 'http://localhost:3000',
  trustedOrigins: [
    "http://trusted.com"
  ],
  emailAndPassword: { ... },
})
```

#### `/reset-password/:token`

(PoC screenshots attached to the advisory; not reproduced here) ...
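The prefix-check flaw above, as an added example that is not Better Auth's code: the vulnerable comparison is re-expressed in Python next to a hardened check that parses the URL and compares the full origin (scheme, host, port) and refuses URLs carrying userinfo. `trusted.com` is the advisory's trusted origin; `evil.com`, the bypass URLs and the `safe_redirect_target` helper are constructed for illustration, and wildcard patterns are left out.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def matches_pattern_vulnerable(url: str, pattern: str) -> bool:
    """Python re-expression of the advisory's prefix check, kept deliberately
    vulnerable. Wildcard patterns are out of scope for this example."""
    if url.startswith("/"):
        return False
    return url.startswith(pattern)


def _origin_key(url: str):
    """Return (scheme, host, port) for an absolute http(s) URL, or None if it
    has no usable origin or carries userinfo (user:pass@host), which is a
    classic way to make a hostile URL start with a trusted one."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    return scheme, parts.hostname, port or DEFAULT_PORTS[scheme]


def matches_origin(url: str, trusted_origin: str) -> bool:
    """Hardened check: compare the parsed origin, not the string prefix."""
    if url.startswith("/"):
        return False
    key = _origin_key(url)
    trusted = _origin_key(trusted_origin)
    return key is not None and key == trusted


def safe_redirect_target(url: str, trusted_origins: list, fallback: str) -> str:
    """Return url only if its origin is exactly one of trusted_origins, else fallback."""
    if any(matches_origin(url, origin) for origin in trusted_origins):
        return url
    return fallback


# Constructed bypass inputs: each starts with "http://trusted.com" but lands elsewhere.
BYPASS_URLS = [
    "http://trusted.com.evil.com/reset",
    "http://trusted.com@evil.com/reset",
    "http://trusted.com:password@evil.com/reset",
]

if __name__ == "__main__":
    trusted = "http://trusted.com"
    for u in BYPASS_URLS + ["http://trusted.com/reset", "http://trusted.com:80/reset"]:
        print(f"{u:45s} prefix={matches_pattern_vulnerable(u, trusted)!s:5s} "
              f"origin={matches_origin(u, trusted)}")
```

The hardened check normalises case and default ports so legitimate callbacks such as `http://trusted.com:80/...` still pass, while every constructed bypass is refused because its parsed host is not `trusted.com` or because it carries userinfo.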

Bert Blitzes Linux & Windows Systems

The new ransomware strain's aggressive multithreading and cross-platform capabilities make it a potent threat to enterprise environments.

DPRK macOS 'NimDoor' Malware Targets Web3, Crypto Platforms

Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests.

ICC Contained Cyberattack Amid Espionage Threats and Pressure

International Criminal Court faces new "sophisticated" cyberattack in The Hague. Occurring near the NATO summit, this incident impacts the ICC as it handles major global cases.

Ransomware Attack Triggers Widespread Outage at Ingram Micro

The outage began shortly before the July 4 holiday weekend and caused disruptions for customer ordering and other services provided by the IT distributor.

AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches

AT&T has agreed to a $177M settlement covering its 2019 and 2024 data breaches; affected customers can check their eligibility for a payout and how to file a claim.

'Hunters International' RaaS Group Closes Its Doors

The announcement comes just months after security researchers observed that the group was making the transition to rebrand to World Leaks, a data theft outfit.