Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters ID: jkphinfhmfkckkcnifhjiplhfoiefffl, is marketed as a way to scrape Meta...

CVE-2024-22206

Clerk/Next.js vulnerability CVE-2024-22206: a logic flaw in auth() (App Router) or getAuth() (Pages Router) could allow unauthorized access or privilege escalation. Affected versions are all that use @clerk/nextjs prior to the fix, with remediation provided by upgrading to @clerk/nextjs v4.29.3. ...

The vulnerability of the HttpHeader::getAuth function in the Squid proxy server allows a hacker to trigger a service denial or execute arbitrary code.

The vulnerability of the HttpHeader::getAuth function in the Squid proxy server is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a remote attacker to cause service failures or execute arbitrary code...

squid: heap-based buffer overflow in HttpHeader::getAuth

A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow...