Lucene search

6 matches found

Talos Blog
added 2024/09/06 12:59 p.m. (12 views)

The 2024 Threat Landscape State of Play

As we head into the final furlong of 2024, we caught up with Talos' Head of Outreach Nick Biasini to ask him what sort of year it's been so far in the threat landscape. In this video, Nick outlines his two major areas of concern. He also focusses on one state-sponsored actor that has been...

7.7 AI score
Exploits: 0
Talos Blog
added 2024/04/09 12:2 p.m. (29 views)

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious Androi...

8.1 AI score
Exploits: 0
Veracode
added 2020/09/03 7:12 a.m. (8 views)

OS Command Injection

addax is vulnerable to OS command injection. Lack of validation of user input to the presignPath function allows an attacker to inject and execute arbitrary OS commands on the host OS...

3.9 AI score
Exploits: 0
OSV
added 2020/09/03 2:40 a.m. (6 views)

GHSA-4Q8F-5XXJ-946R Command Injection in addax

Versions of addax prior to 1.1.0 are vulnerable to Command Injection. The package does not validate user input on the presignPath function which receives input directly from the API endpoint. Exploiting the vulnerability requires authentication. This may allow attackers to run arbitrary commands ...

7.4 AI score
Exploits: 0, References: 1
Github Security Blog
added 2020/09/03 2:40 a.m. (38 views)

Command Injection in addax

Versions of addax prior to 1.1.0 are vulnerable to Command Injection. The package does not validate user input on the presignPath function which receives input directly from the API endpoint. Exploiting the vulnerability requires authentication. This may allow attackers to run arbitrary commands ...

6 AI score
Exploits: 0, References: 2, Affected Software: 1
Node.js
added 2019/06/10 7:47 p.m. (11 views)

Command Injection

Overview: Versions of addax prior to 1.1.0 are vulnerable to Command Injection. The package does not validate user input on the presignPath function which receives input directly from the API endpoint. Exploiting the vulnerability requires authentication. This may allow attackers to run arbitrary...

7.1 AI score
Exploits: 0, Affected Software: 1