5 matches found

The Hacker News
added yesterday, 6 views

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones...

5.8 AI score
Exploits: 0
Veracode
added 2025/07/25 7:3 a.m., 6 views

Cross-site Scripting (XSS)

Cadwyn is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the version parameter in the /docs endpoint, which allows an attacker to execute arbitrary JavaScript in a user's session via a one-click attack...

7.6 CVSS, 6 AI score, 0.00235 EPSS
Exploits: 0, References: 6, Affected Software: 1
PyPA
added 2025/07/21 9:15 p.m., 8 views

PYSEC-2025-71

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. This XSS would notably allow an attacker to execute JavaScript code ...

7.6 CVSS, 6.8 AI score, 0.00235 EPSS
Exploits: 0, References: 2, Affected Software: 1
The Hacker News
added 2022/10/21 4:47 p.m., 47 views

Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware

The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was foun...

0.9 AI score
Exploits: 0
Prion
added 2017/08/11 8:29 p.m., 16 views

Cross-Site Request Forgery (CSRF)

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery also known as one-click attack and is abbreviated as CSRF or XSRF, which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web applicati...

6.8 CVSS, 8.6 AI score, 0.00891 EPSS
Exploits: 3, References: 2, Affected Software: 1