CVE-2024-21495

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predict ...

Continue Reading
Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been ...

Continue Reading
CVE-2024-25619

Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been ...

Continue Reading
Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware

As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Col ...

Continue Reading
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS ...

Continue Reading
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS ...

Continue Reading
Pixelfed doesn’t check OAuth Scopes in API routes, giving elevated permissions

Summary When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and m ...

Continue Reading
Pixelfed doesn’t check OAuth Scopes in API routes, giving elevated permissions

Summary When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and m ...

Continue Reading

Back to Main

Subscribe for the latest news: