All together now: Spring Boot 3.2, GraalVM native images, Java 21, and virtual threads with Project Loom
This has been a very long time in coming, but finally we can create GraalVM native images that use Spring Boot via Spring Boot 3.2 and Java 21's virtual threads (Project Loom)! Why does all this matter? Each of these individual things, Project Loom, and GraalVM native images, offer compelling runti...
PYSEC-2023-166
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted...
CVE-2023-20897
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted...
CVE-2023-20897
Removed by vendor...
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...
My SpringOne 2023 Recap
Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exciting experience, and SpringOne is too. But it was worth it. The SpringOne show surpassed all...
GHSA-J55R-787P-M549 Shescape on Windows escaping may be bypassed in threaded context
Impact: This may impact users that use Shescape on Windows in a threaded context, e.g. using Worker threads. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This...
GHSA-7VXC-Q7RV-QFJ8 SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3 that allows attackers to cause a denial of service. This can be mitigated by manually creating a timeout. For example: const StaticPool = require("node-worker-threads-pool"); const staticPool = new...
@blockmatic/eosio-ship-reader (>=0.3.0 <=1.2.0), @kongkong21/eosio-ship-reader (>=1.3.0 <=1.3.1) +4 more potentially affected by CVE-2021-29057 via node-worker-threads-pool (=1.4.3)
node-worker-threads-pool NPM version =1.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on node-worker-threads-pool and may be impacted: - @blockmatic/eosio-ship-reader =0.3.0, =1.3.0, =1.0.0, =0.0.2, =0.0.1, =1.0.53 Source cves: CVE-2021-29057 Source...
Denial of service
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service...
CVE-2021-29057
CVE-2021-29057 affects node-worker-threads-pool v1.4.3 via the StaticPool component, enabling a denial-of-service condition. Descriptions across multiple sources confirm the DoS impact but do not provide deep technical exploit details beyond that a DoS can be triggered. A practical mitigation men...
PT-2023-8000
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with t...
CVE-2021-29057
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service...
node-worker-threads-pool Resource Management Error Vulnerability
node-worker-threads-pool is a simple worker threads pool using Node's worker_threads module by MOKUO Personal Developer. A security vulnerability exists in node-worker-threads-pool version 1.4.3, which stems from a security issue that allows an attacker to cause a denial of service (DoS) by exploiti...
x86/Intel: Gather Data Sampling
ISSUE DESCRIPTION: A researcher has discovered Gather Data Sampling, a transient execution side-channel whereby the AVX GATHER instructions can forward the content of stale vector registers to dependent instructions. The physical register file is a structure competitively shared between sibling...
Exploit for CVE-2023-38646
🛡️ Exploit for CVE-2023-38646 🛡️ Welcome to this powerful exp...
x86/AMD: Zenbleed
ISSUE DESCRIPTION: Researchers at Google have discovered Zenbleed, a hardware bug causing corruption of the vector registers. When a VZEROUPPER instruction is discarded as part of a bad transient execution path, its effects on internal tracking are not unwound correctly. This manifests as the wrong...
Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe
By Habiba Rashid. Due to privacy concerns, Meta has not yet released the Threads app in EU countries, creating a loophole for criminals to upload fake versions of the app. This is a post from HackRead.com.
Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns
Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the soci...