GO-2022-0217

A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivere ...

CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach

npm security update: Attack campaign using stolen OAuth tokens

On April 15, we published a blog detailing an attack campaign utilizing stolen OAuth user tokens issued to two third-party GitHub.com integrators, Heroku and Travis CI. The npm organization on Git ...

Improper socket reuse in Apache Tomcat

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...

GO-2021-0321

An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because th ...

(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a co ...

Malware in ctx

The `ctx` hosted project on [PyPI](https://pypi.org/project/ctx/) was taken over via user account compromise and replaced with a malicious project which contained runtime code that collected the cont ...
