Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and...

EUVD-2024-1746

Malicious code in bioql PyPI...

GHSA-RCW7-PQFP-735X secrets-store-sync-controller discloses service account tokens in logs

Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...

PT-2025-36631

Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...

How to Use Veeam Data Cloud Vault with ExpressRoute with Private Peering

Purpose This article documents the usage of Veeam Data Cloud Vault within environments that use Azure ExpressRoute with private peering. Solution Software Prerequisites Veeam Backup & Replication v12.3 or higher Veeam Data Cloud Vault Configuration Notes This article covers customers using...

How to register Veeam Data Cloud Vault in Veeam Backup for Microsoft Azure

Article Applicability This article is specifically for Veeam Backup for Microsoft Azure v8. With the release ofVeeam Backup for Microsoft Azure v8.1, the process for adding Veeam Data Cloud Vault as a repository has been fully integrated. Purpose This article documents the procedure for registeri...

CVE-2024-3744

A flaw was found in azure-file-csi-driver. Anyone with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions...

GHSA-QJQG-4WG7-957H azure-file-csi-driver leaks service account tokens in the logs

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

CVE-2024-3744

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

CVE-2024-3744

Azure-file-csi-driver may log service account tokens when TokenRequests is enabled and the driver runs at log level 2+. This could let an actor with log access exfiltrate tokens and potentially access cloud vault secrets. Affected versions are before 1.29.4 and 1.30.1; remediation involves upgrad...

CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

secrets-store-csi-driver discloses service account tokens in logs

A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged...

PT-2023-3262 · Kubernetes · Secrets-Store-Csi-Driver

Name of the Vulnerable Software and Affected Versions: secrets-store-csi-driver versions prior to 1.3.3 Description: The issue is related to insufficient protection of registration data in the secrets-store-csi-driver component of Kubernetes. This can allow an attacker to gain unauthorized access...

org.apache.camel.quarkus:camel-quarkus-hashicorp-vault (=3.0.0-M1), org.apache.camel.quarkus:camel-quarkus-hashicorp-vault-deployment (=3.0.0-M1) +11 more potentially affected by CVE-2023-20859 via org.springframework.vault:spring-vault-core (=3.0.0)

org.springframework.vault:spring-vault-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.vault:spring-vault-core and may be impacted: - org.apache.camel.quarkus:camel-quarkus-hashicorp-vault =3.0.0-M1 -...