Security
Headlines
HeadlinesLatestCVEs

Tag

#git

StormWall Reveals India, China and US Faced Most DDoS Attacks in Q1 2025

Shift in cyberattack focus puts APAC region under growing pressure.

HackRead
Open in Source
#ddos#git#botnet
Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…

Chrome Drops Trust for Chunghwa, Netlock Certificates

Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.

The Role of Continuous Integration and Continuous Deployment (CI/CD) in DevOps

Modern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user…

GHSA-9qvj-rpj8-v5c8: Pekko Management may not properly apply authenticator when Basic Authentication enabled

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.

The North Face warns customers about potentially stolen data

For the fourth time in its history, The North Face has notified customers that their account may have been compromised. This...

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "malicious multi-stage downloader Powershell scripts" hosted on lure websites that masquerade as Gitcode and DocuSign. "

Europol Targets Over 2,000 Extremist Links Exploiting Minors Online

Europol targets extremist online content exploiting minors, tackling rising use of AI, propaganda, and grooming across Europe’s digital platforms.

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.  The update will affect all Transport Layer Security (TLS)

GHSA-95rc-wc32-gm53: Gokapi vulnerable to stored XSS via uploading file with malicious file name

### Impact When using end-to-end encryption, a stored XSS vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. With the affected versions <v2.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users with <v2.0. Nethertheless with XSS, other attack vectors like redirection or crypto mining would be possble. ### Patches This CVE has been fixed in v2.0.0 ### Workarounds If you are the only authenticated user using Gokapi, you are not affected. A workaround would be to disable end-to-end encryption.