Advisories

  • [IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

    Posted by Artur Janicki via Fulldisclosure on Apr 26 [APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 14th International Workshop on Cyber Crime (IWCC 2025 – https://2025.ares-conference.eu/program/iwcc/) to be held in conjunction with the 20th International Conference on Availability, Reliability and Security (ARES 2025 – http://2025.ares-conference.eu) August 11-14, 2025, Ghent, Belgium IMPORTANT DATES Submission Deadline May 12,…

    Read More

  • Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

    Posted by Daniel Owens via Fulldisclosure on Apr 26 Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks (among other things) because the information system directly exposes the C# reflection used during the request-action mapping process and fails to properly protect certain pathways. These are amplified by cross-site…

    Read More

  • Ruby on Rails Cross-Site Request Forgery

    Posted by Daniel Owens via Fulldisclosure on Apr 26 Good morning. All current versions and all versions since the 2022/2023 “fix” to the Rails cross-site request forgery (CSRF) protections continue to be vulnerable to the same attacks as the 2022 implementation. Currently, Rails generates “authenticity tokens” and “csrf tokens” using a random “one time pad”…

    Read More
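The masking the post refers to, as an added example written for this page (it is neither Rails' own code nor the poster's): a raw 32-byte per-session secret is XORed with a fresh random pad on every render and shipped to the browser as pad||masked; on submission the server unmasks and compares in constant time. The constant, function names and the sample session secret are this example's own assumptions.

```ruby
require 'securerandom'

TOKEN_LENGTH = 32 # bytes of the raw per-session secret (assumed value)

# XOR two equal-length byte strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# URL-safe base64 without padding (what ends up in the hidden form field).
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Inverse of b64url_encode; nil on malformed input instead of raising.
def b64url_decode(str)
  s = str.tr('-_', '+/')
  s += '=' * ((4 - s.length % 4) % 4)
  s.unpack1('m0')
rescue ArgumentError
  nil
end

# The raw token is created once and kept in the server-side session.
def generate_raw_token
  SecureRandom.random_bytes(TOKEN_LENGTH)
end

# Masked form: pad || (pad XOR raw). A fresh pad on each render means the
# bytes embedded in the page change every response while the secret does not.
def mask_token(raw)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  b64url_encode(pad + xor_bytes(pad, raw))
end

# Recover the raw secret from a submitted masked token; nil if malformed.
def unmask_token(masked)
  bytes = b64url_decode(masked)
  return nil unless bytes && bytes.bytesize == TOKEN_LENGTH * 2
  pad = bytes.byteslice(0, TOKEN_LENGTH)
  xor_bytes(pad, bytes.byteslice(TOKEN_LENGTH, TOKEN_LENGTH))
end

# Constant-time equality so the comparison does not leak a byte prefix.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check: unmask, then compare against the session's secret.
def valid_token?(session_raw, submitted)
  unmasked = unmask_token(submitted.to_s)
  !unmasked.nil? && secure_equal?(unmasked, session_raw)
end

if __FILE__ == $PROGRAM_NAME
  raw = generate_raw_token            # constructed sample session secret
  t1 = mask_token(raw)
  t2 = mask_token(raw)
  puts "two renders differ:  #{t1 != t2}"
  puts "both validate:       #{valid_token?(raw, t1) && valid_token?(raw, t2)}"
  puts "other session's raw: #{valid_token?(generate_raw_token, t1)}"
  puts "garbage input:       #{valid_token?(raw, 'not-a-token')}"
end
```

The pad is not a key and adds no authentication: its only job is to make the token bytes differ between responses so the secret is not a stable string in compressed output (the BREACH mitigation that motivated masking). The value actually compared is the same for the whole session, so unmasking any valid token for a session recovers it. Rails additionally derives per-form tokens with an HMAC over the action path and method keyed by the session secret; that layer is not reproduced here.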

  • Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

    Posted by hyp3rlinx on Apr 26 [-] Microsoft “.library-ms” File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+] John Page (aka hyp3rlinx) [+] x.com/hyp3rlinx [+] ISR: ApparitionSec Back in 2018, I reported a “.library-ms” File NTLM information disclosure vulnerability to MSRC and was told “it was not severe enough”, that being said I…

    Read More

  • kappanhang-0-0.3.20250427gitdffb773.fc41

    FEDORA-2025-eecb0ea534 Packages in this update: kappanhang-0-0.3.20250427gitdffb773.fc41 Update description: Update to git snapshot dffb773

    Read More

  • Friday Squid Blogging: Squid Facts on Your Phone

    Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read More

  • A Vulnerability in SAP NetWeaver Visual Composer Could Allow for Remote Code Execution

    A vulnerability has been discovered in SAP NetWeaver Visual Composer, which could allow for remote code execution. SAP NetWeaver Visual Composer is SAP’s web-based software modelling tool. It enables business process specialists and developers to create business application components, without coding. Successful exploitation of this vulnerability could allow for remote code execution in the context…

    Read More

  • Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

    Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models.

    Read More

  • SAP Fixes Critical Vulnerability After Evidence of Exploitation

    A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors.

    Read More

  • M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

    British retailer M&S continues to tackle a cyber incident, with online orders now paused for customers.

    Read More