6 matches found

The Hacker News
added 2025/01/15 3:37 p.m., 4 views

Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99

The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring...

7.4 AI score
Exploits: 0
Prion
added 2022/10/19 11:15 a.m., 11 views

Design/Logic Flaw

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users ca...

5.5 CVSS, 5.2 AI score, 0.00225 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2022/10/19 12:0 a.m., 9 views

CVE-2022-39233 Tuleap subject to Missing Authorization allowing for branch prefix modification

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users ca...

4.3 CVSS, 5.5 AI score, 0.00225 EPSS
Exploits: 1, References: 4
Hacker One
added 2022/08/25 4:7 a.m., 61 views

GitLab: Remote Command Execution via Github import

Summary: This is very similar to https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/Remote%20Command%20Execution%20via%20Github%20import and allows arbitrary redis commands to be injected when importing a GitHub repository. When importing a GitHub repo the...

6.5 CVSS, 0.3 AI score, 0.30029 EPSS
Exploits: 4
0day.today
added 2020/05/20 12:0 a.m., 60 views

CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit Author: Wade Guest Vendor Homepage: https://craftcms.com/ Software Link: https://plugins.craftcms.com/vcard Vulnerability Details:...

7.4 AI score
Exploits: 0
Hacker One
added 2019/03/28 2:57 p.m., 11 views

Mail.ru: Open source code

A GitLab repository with open-source projects was available from an external network on a geekbrains.ru subdomain. While no sensitive information was leaked, a decision was made to limit access to eliminate possible risks in the future...

1.3 AI score
Exploits: 0