29 matches found
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler
Summary The addRepeatIntervalToTime function uses an On loop that advances a date by the task's RepeatAfter duration until it exceeds the current time. By creating a repeating task with a 1-second interval and a due date far in the past, an attacker triggers billions of loop iterations, consuming...
PT-2026-31950
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0 Description: Vikunja, a self-hosted task management platform, contains an issue where the addRepeatIntervalToTime function uses an inefficient loop. An attacker can create a repeating task with a 1-second...
Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses
A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars...
A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft
A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited...
CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’
US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet...
This startup aims to solve crypto’s broken key management problem
Crypto security firm Sodot launches Exchange API Vault to stop API key theft, securing billions in assets while supporting low latency, high frequency trading...
Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)
This week on the Lock and Code podcast … This is the story of the world's worst scam and how it is being used to fuel entire underground economies that have the power to rival nation-states across the globe. This is the story of "pig butchering." "Pig butchering" is a violent term that is used to...
WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now...
Update Chrome now: 20 security fixes just landed
Google has released an update for its Chrome browser that includes 20 security fixes, several of which are classed as high severity. Most of these flaws were found in Chrome’s V8 engine—the part of Chrome and other Chromium-based browsers that runs JavaScript. Chrome is by far the world’s most...
Is AI moving faster than its safety net?
You’ve probably noticed that artificial intelligence, or AI, has been everywhere lately—news, phones, apps, even in your browser. It seems like everything suddenly wants to be “powered by AI.“ If it’s not, it’s considered old school and boring. It’s easy to get swept up in the promise: smarter...
224 malicious apps removed from the Google Play Store after ad fraud campaign discovered
Researchers have discovered a large ad fraud campaign on Google Play Store. The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign "SlopAds." Ad fraud is a...
National Public Data Relaunches Despite 2.9 Billion SSNs Breach
It is business as usual at National Public Data NPD despite the breach that exposed 3 billion Social Security numbers and the subsequent leak...
493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds
Scam compounds in Cambodia, Myanmar, and Laos have conned people out of billions. New research shows they may be linked to child sextortion crimes too...
The Pig Butchering Invasion Has Begun
Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process...
PT-2024-12094 · Xiaomi · Xiaomi File Manager
Name of the Vulnerable Software and Affected Versions: Xiaomi File Manager affected versions not specified Description: A path traversal vulnerability exists in the Xiaomi File Manager application, caused by unfiltered special characters. This allows attackers to overwrite and execute code in...
Social Login Flaws in Popular Websites Risked Billions of User Accounts
By Deeba Ahmed The critical API security flaws in the social sign-in and OAuth Open Authentication implementations affected high-profile companies like… This is a post from HackRead.com Read the original post: Social Login Flaws in Popular Websites Risked Billions of User Accounts...
Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts
The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users...
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017 , concerns an out-of-bounds write, while the other,...
The Secret Vulnerability Finance Execs are Missing
The Other Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd...
CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...