-
Phishing Tool GoIssue Targets Developers on GitHub
New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign
-
CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
Panaseer claims 72% of security leaders are taking out personal indemnity insurance as board scrutiny increases
-
USN-7100-2: Linux kernel vulnerabilities
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute…
-
New Citrix Zero-Day Vulnerability Allows Remote Code Execution
watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops
-
libsoup3-3.4.4-3.fc39
FEDORA-2024-a059ea1dfc. Packages in this update: libsoup3-3.4.4-3.fc39. Update description: Add patches to fix: CVE-2024-52530 libsoup3: HTTP request smuggling via stripping null bytes from the ends of header names (bug #2325358); CVE-2024-52532 libsoup3: infinite loop while reading websocket data (bug #2325356).
-
libsoup3-3.4.4-5.fc40
FEDORA-2024-bd09057dd2. Packages in this update: libsoup3-3.4.4-5.fc40. Update description: Add patches to fix: CVE-2024-52530 libsoup3: HTTP request smuggling via stripping null bytes from the ends of header names (bug #2325358); CVE-2024-52532 libsoup3: infinite loop while reading websocket data (bug #2325356).
-
North Korea Hackers Leverage Flutter to Deliver macOS Malware
Jamf observed North Korean attackers embedding malware within Flutter applications to target macOS devices, potentially to test a new way of weaponizing malware
-
USN-7102-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.…
-
Criminals Exploiting FBI Emergency Data Requests
I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same thing is true for non-technical backdoors: The advisory said that the cybercriminals were successful in masquerading…
-
USN-7101-1: Pydantic vulnerability
It was discovered that Pydantic incorrectly handled certain regular expressions. A remote attacker could use this issue to cause denial of service via a crafted email string.