4 matches found
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing
A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractiv...
GHSA-XGFM-FJX6-62MJ readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects
Impact: This vulnerability could have allowed an attacker to include arbitrary HTML content in search results by having a user search a malicious project. This was due to our search client not correctly escaping all user content from search results. You can find more information in the advisory...
TurboWarp Security Vulnerability
TurboWarp is an open source application. A security vulnerability exists in versions prior to TurboWarp 1.8.0 that stems from allowing a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server...
GitLab Remote Code Execution Vulnerability
GitLab is an open source, end-to-end software development platform from the U.S. company GitLab, with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. GitLab has a remote code execution vulnerability, the vulnerability...