Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...

UBUNTU-CVE-2023-45725

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...

function buyAndReduceDebt() spend more underlying token than user specified and also code doesn't check that swapFeeBips is less than BIPS_ONE and user can lose some of his underlying token balance that he gave protocol spending approval

Lines of code Vulnerability details Impact user can specify fee recipient and fee amount to send to that recipient and it is calculated by amount swapFeeBips / BIPSONE but there is no check in the code to make sure swapFeeBips is less than BIPSONE and if user set wrong value by mistake or client...

GitLab: DoS attack via comment on Issue

Summary There is no limit to the number of characters in the issue comments, which allows a DoS attack. The DoS attack affects both server-side and client-side. NOTE: This bug happens on GitLab.com. Steps to reproduce ▼Attack for Client-side 1. Sign in to GitLab. 2. Create a project as below: -...