GHSA-J6C9-X7QJ-28XF hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs

Key Takeaways HazyBeacon CL-STA-1020 targets Southeast Asian government networks by abusing AWS Lambda Function URLs configured with AuthType: NONE as stealth command-and-control relays. Attackers use stolen IAM credentials to deploy Lambda functions that proxy malware communications through...

Malicious code in Be.Vlaanderen.Basisrеgisters.Aws.Lаmbda (NuGet)

--- -= Per source details. Do not edit below this line.=-...

Cross-site Scripting (XSS)

moodle is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to a lack of sanitization of user input to a recursive lambda function rendering to the Mustache template helper renderer allowing an attacker to inject maliciously crafted script into the system...

PT-2021-6134 · Vim +4 · Vim +4

Name of the Vulnerable Software and Affected Versions: vim affected versions not specified Description: The issue is related to a heap-based buffer overflow in the vim text editor, specifically in the eval lambda function located in src/eval.c. This overflow occurs in dynamic memory and can be...

Automating API Security in the Cloud

These days, the most common way for services to communicate and transfer data is by using APIs. However, broken, exposed, or hacked APIs are the cause of some of the latest major data breaches, as they have the potential to expose sensitive data for public consumption. Securing your APIs is...