
699 matches found

HackRead
added 2026/05/21 12:52 p.m. · 6 views

Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator

Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users...

5.8 AI score
Exploits: 0

RubySec
added 2026/03/25 12:0 a.m. · 4 views

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact Active Storage’s proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability...

6.5 CVSS · 5.8 AI score · 0.00024 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Wired Threat Level
added 2026/03/03 7:1 p.m. · 6 views

A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals

A highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government...

5.9 AI score
Exploits: 0

Fedora
added 2026/01/25 1:16 a.m. · 4 views

[SECURITY] Fedora 42 Update: wireshark-4.6.3-1.fc42

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

6.5 CVSS · 5.9 AI score · 0.00059 EPSS
Exploits: 3

Cvelist
added 2026/01/16 8:52 a.m. · 26 views

CVE-2025-14822 DoS from quadratic complexity in model.ParseHashtags

Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...

3.1 CVSS · 0.00024 EPSS
Exploits: 0 · References: 1

Hacker One
added 2026/01/13 9:2 p.m. · 18 views

curl: Directory listing vulnerability is disclosing names and emails, widespread (thousands of records, publicly accessible without auth)

Summary: directory listing vulnerability is disclosing names and emails and so many other sensitive information, that significantly increases the severity because these are considered as PII Personally Identifiable Information. Thousands of records, publicly accessible without auth also can be...

6.7 AI score
Exploits: 0

Packet Storm News
added 2025/12/05 12:0 a.m. · 2 views

Sift or Get off the PoC: Applying Information Retrieval to Vulnerability Research with SiftRank

Security research is fundamentally a problem of resource constraint and consequent prioritization. There is simply too much attack surface and too little time and energy to spend analyzing it all. The most effective security researchers are often those who are most skilled at intuitively deciding...

6.5 AI score
Exploits: 0

Wired Threat Level
added 2025/10/16 8:42 p.m. · 4 views

Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks

Networking software company F5 disclosed a long-term breach of its systems this week. The fallout could be severe...

6.9 AI score
Exploits: 0

Malwarebytes
added 2025/09/10 1:22 p.m. · 4 views

Ransomware attack at blood center: Org tells users their data’s been stolen

A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center’s NYBC suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...

6.8 AI score
Exploits: 0

Hacker One
added 2025/01/30 4:28 p.m. · 2 views

U.S. Dept Of Defense: IDOR Exposes PII of Tens of Thousands of Users and Supervisors

A vulnerability was discovered that exposed personally identifiable information PII of tens of thousands of users and supervisors. The vulnerability was found in a system that allowed users to submit a SAAR. By modifying a URL parameter, users could view other users' SAARs, which contained...

6.5 AI score
Exploits: 0

Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-30386 · WordPress · Sweet Date

Name of the Vulnerable Software and Affected Versions: Sweet Date versions 3.7.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Sweet Date WordPress theme, which could expose thousands of sites to potential takeovers. This vulnerability may allow...

9.8 CVSS · 9.2 AI score · 0.00303 EPSS
Exploits: 0 · References: 12

Tenable Nessus
added 2024/07/16 12:0 a.m. · 27 views

EulerOS 2.0 SP9 : systemd (EulerOS-SA-2024-1974)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of...

7.5 CVSS · 6.9 AI score · 0.43701 EPSS
Exploits: 1 · References: 3

Spring Engineering
added 2024/04/04 12:0 a.m. · 9 views

A Bootiful Podcast: Netflix’s Paul Bakker and Kavitha Srinivasan on scaling Spring Boot and Spring GraphQL

Hi, Spring fans! In this installment, I'm thrilled to be joined by Netflix's Paul Bakker and Kavitha Srinivasan, who explain how they're integrating and evolving Spring for GraphQL in their own GraphQL stack and how they're managing, growing, and evolving thousands of services written in Spring B...

7.2 AI score
Exploits: 0

RedHat Linux
added 2024/02/12 1:56 p.m. · 2 views

nss: vulnerable to Minerva side-channel information leak

The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...

4.3 CVSS · 6.8 AI score · 0.00197 EPSS
Exploits: 0 · References: 8

MSRC
added 2023/11/20 8:0 a.m. · 12 views

Celebrating ten years of the Microsoft Bug Bounty program and more than $60M awarded

This year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70 countries. These...

7.5 AI score
Exploits: 0

HackRead
added 2023/10/04 2:12 p.m. · 14 views

Sony Data Breach via MOVEit Vulnerability Affects Thousands in US

By Waqas The data breach occurred from May 28th to May 30th, 2023, and the stolen data included "names and other personal identifiers combined with Social Security Numbers SSNs." This is a post from HackRead.com Read the original post: Sony Data Breach via MOVEit Vulnerability Affects Thousands i...

6.9 AI score
Exploits: 0

Positive Technologies
added 2023/06/12 12:0 a.m. · 2 views

PT-2023-5586 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 0.0.2 through 1.21.0 Description: The issue in Apache NiFi is related to the DBCPConnectionPool and HikariCPConnectionPool Controller Services, which allow an authenticated and authorized user to configure a Database URL...

9 CVSS · 8.1 AI score · 0.78065 EPSS
Exploits: 8 · References: 26

OSSF Malicious Packages
added 2023/05/25 12:24 p.m. · 4 views

Malicious code in oculoushide (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9b7403cc73bb98e45396c93de766686608f4d7f80a03e6e8af73d244de0c7fe1 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2023/05/07 10:12 p.m. · 5 views

Malicious code in libpipultravirtual (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7fcc0ea3b75f3b40abcfb64156cfe1244cf729c1511a1e325ca450c73a7ee9f4 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2023/03/12 12:21 p.m. · 5 views

Malicious code in tpcraftcraftencode (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d51287043143cc2b77dac9f3dac8fe7c54c6e797cee2425b1a581c4565357235 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7 AI score
Exploits: 0 · References: 1