Tag
#git
### Impact

This is a prototype pollution vulnerability. It impacts users of the `set` function within the Radashi library. If an attacker can control parts of the `path` argument to the `set` function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios.

### Patches

The vulnerability has been patched in commit [`8147abc8cfc3cfe9b9a17cd389076a5d97235a66`](https://github.com/radashi-org/radashi/commit/8147abc8cfc3cfe9b9a17cd389076a5d97235a66). Users should upgrade to a version of Radashi that includes this commit. The fix utilizes a new helper function, `isDangerousKey`, to prevent the use of `__proto__`, `prototype`, or `constructor` as keys in the path, throwing an error if any are encountered. This check is bypassed for objects with a `null` prototype.

### Workarounds

Users on older versions can mitigate this vulnerability by sanitizing the...
A huge dataset with all kinds of sensitive information, likely to be the result of infostealers, has been found unsecured online.
There’s a graveyard of brilliant cybersecurity companies that no one has ever heard of. These firms had incredible…
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs) across corporate clouds. That population is already overwhelming the enterprise: many companies
Thanks to drastic policy changes in the US and Big Tech’s embrace of the second Trump administration, many people are moving their digital lives abroad. Here are a few options to get you started.
SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal.
Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from…
Hackers. AI data scrapes. Government surveillance. Thinking about where to start when it comes to protecting your online privacy can be overwhelming. Here’s a simple guide for you—and anyone who claims they have nothing to hide.
FBI warns law firms: Silent Ransom Group uses phishing emails and fake IT calls to steal data, demanding ransom to prevent public leaks. The agency also urges victims to share ransom evidence.
SK Telecom reveals malware intrusion that remained hidden for nearly two years, led to the leaking of 26.69…