4 matches found
GHSA-RGMP-4873-R683 Pterodactyl TOTPs can be reused during validity window
Summary: When a user signs into an account with 2FA enabled, they are prompted to enter a token. When that token is used, it is not sufficiently marked as used in the system, allowing an attacker that intercepts that token to then use it in addition to a known username/password during the token...
CVE-2025-64754 Jitsi Meet has DOM Redirect on Microsoft OAuth Flow
Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available...
PT-2023-12329 · Unknown · Garuda Linux
Name of the Vulnerable Software and Affected Versions: Garuda Linux (affected versions not specified). Description: The issue is related to an insecure user creation and authentication process in Garuda Linux. When creating users from the 'Garuda settings manager', the system temporarily leaves the...
New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
A novel phishing technique called the browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, wh...