Lucene search

13 matches found

OSV
added 2026/05/28 6:8 p.m., 4 views

GHSA-Q537-QHJ4-WCJX OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Summary: An organization admin can escalate their privileges by adding a user from a different organization with higher privileges to their own organization. Impact: Full platform access, access to sensitive or proprietary information...

CVSS 7.2 | AI score 5.8 | EPSS 0.0005
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-6958

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.6 | EPSS 0.00164
Exploits 0 | References 3

GitHub Security Blog
added 2025/03/20 12:32 p.m., 8 views

TorchServe script references S3 bucket without ensuring ownership or confirming accessibility

In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | AI score 6.8 | EPSS 0.00164
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/03/20 10:10 a.m., 6 views

CVE-2024-6577 Unclaimed S3 Bucket Usage in pytorch/serve

In the latest version of pytorch/serve, the script 'uploadresultstos3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not...

CVSS 6.3 | AI score 6.5 | EPSS 0.00164
Exploits 0 | References 1

The Hacker News
added 2022/12/23 4:7 a.m., 34 views

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted...

AI score 0.7
Exploits 0

Malwarebytes
added 2022/08/26 10:0 a.m., 10 views

Source code of password manager LastPass stolen by attacker

In a security incident notice from LastPass, the company informed the public that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. There is no evidence that this incident involved any access to customer dat...

Exploits 0

Microsoft Secure
added 2022/07/28 4:0 p.m., 18 views

Industrial systems: What it takes to secure and staff them

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Patrick C. Miller,...

AI score 6.9
Exploits 0

ThreatPost
added 2017/03/15 1:32 p.m., 13 views

FSB Officers, Criminal Hackers Indicted in Yahoo Breach

The U.S. Department of Justice today indicted four individuals, including two Russian FSB officers, it alleges are connected to a massive breach of Yahoo’s network and the theft of information associated with 500 million accounts. One of the men, Karim Baratov, 22, was arrested March 14 in Canada...

AI score 0.6
Exploits 0 | References 4

seebug.org
added 2014/07/01 12:0 a.m., 15 views

NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2300/info NCSA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias...

AI score 7.1
Exploits 0

ThreatPost
added 2014/03/24 12:55 p.m., 80 views

Microsoft Reads User Email without Warrant

Late last week it emerged that Microsoft had searched through the contents of a French blogger’s Hotmail account in order to track down the source of a leak of proprietary information from the Redmond, Wash., tech giant. The Electronic Frontier Foundation and transparency advocates have expressed...

CVSS 9.3 | AI score 8.3 | EPSS 0.94354
Exploits 33 | References 3

ThreatPost
added 2009/11/06 4:9 p.m., 13 views

Ex-Workers Indicted for Hacking Company Database

Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer. Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation...

AI score 3.5
Exploits 0 | References 2

securityvulns
added 2008/07/12 12:0 a.m., 36 views

ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution Vulnerability

ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-041 July 10, 2008 -- Affected Vendors: Novell -- Affected Products: Novell eDirectory -- TippingPointTM IPS Customer Protection: TippingPoint IPS customers have bee...

AI score 1.4
Exploits 0

exploitpack
added 1999/09/25 12:0 a.m., 13 views

NCSA 1.31.4.x1.5 Apache HTTPd 0.8.110.8.14 - ScriptAlias Source Retrieval

NCSA 1.31.4.x1.5 Apache HTTPd 0.8.110.8.14 - ScriptAlias Source Retrieval source: https://www.securityfocus.com/bid/2300/info NCSA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI...

AI score 7.4
Exploits 0