⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And...

Microsoft GitHub Copilot and Visual Studio Code 命令注入漏洞

Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a command injection vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to bypass certain...

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language SAML authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and...

(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag within a devcontainer...

(0Day) Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of Dev-Containers. The application does not enforce the privileged flag with...