Category - API Security Blog

RST Threat feed. IOC: https://service-90aqnua5-1306801752.bj.apigw.tencentcs.com/api/getit

Found **https://service-90aqnua5-1306801752[.]bj.apigw.tencentcs....Read More ...

May 30, 2022

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...

May 30, 2022

resource-agents security update

[4.1.1-68] - azure-lb: fix redirect issue Resolves: rhbz#1850778 [4.1.1-67] - gcp-vpc-move-vip: add support for multiple alias IPs Resolves: rhbz#1846733 [4.1.1-65] - azure-events: handle exceptio ...

May 30, 2022

[SECURITY] Fedora 36 Update: python-jwt-2.4.0-1.fc36

A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties enco ...

May 30, 2022

GO-2022-0217

A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivere ...

May 30, 2022

CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

May 30, 2022

Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach

[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEibSaL_2onu9HFSkDKS6vpwfAW61CDKj7FffAdrYV-rfMCl0RTqFOAU0q4xUr3YMSKTAo-XMYuwdpQopOtC-PypD36JJ_IPRd-RrsO_yB-TfKWK6RbdnyS9kfb-8BIo0VA8vUV2hs_ ...

May 30, 2022

npm security update: Attack campaign using stolen OAuth tokens

On April 15, we published [a blog]() detailing an attack campaign utilizing stolen OAuth user tokens issued to two third-party GitHub.com integrators, Heroku and Travis CI. The npm organization on Git ...

May 30, 2022