Description: Summary
A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the predicate type given with --predicate-type (or the default, https://slsa.dev/provenance/v1, when none is specified). This issue only arises if the artifact has an attestation whose predicate type differs from the one provided in the command. As a result, users relying solely on the exit code may mistakenly believe the attestation has been verified, even though no attestation with the specified predicate type exists and the tool prints a verification failure.
Users are advised to update gh to version v2.67.0 as soon as possible.
Initial report: https://github.com/cli/cli/issues/10418
Fix: https://github.com/cli/cli/pull/10421
Details
The gh attestation verify command fetches, loads, and attempts to verify attestations associated with a given artifact for a specified predicate type. If an attestation is found, but the predicate type does not match the one specified in the gh attestation verify command, the verification fails, but the program exits early.
Due to a re-used uninitialized error variable, when no matching attestations are found, the relevant function returns nil instead of an error, causing the program to exit with a status code of 0, which incorrectly suggests successful verification.
PoC
Run gh attestation verify with local attestations using the --bundle flag and specify a predicate type with --predicate-typ...
February 14th, 2025 (5 months ago)
Description: Summary
A vulnerability in the add_share function of the Rewards pallet (part of the ORML repository) can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range.
Affected Components
ORML Rewards pallet (rewards/src/lib.rs)
Any Substrate-based chain using ORML Rewards with add_share accepting unvalidated large u128 inputs
Technical Details
add_share performs arithmetic on user-supplied values (add_amount) of type T::Share (mapped to u128 in Acala).
If add_amount is large enough (e.g., i128::MAX), the intermediate result may overflow and panic on the cast to u128.
Validation occurs only after arithmetic, enabling a crafted input to trigger an overflow.
Impact
A malicious user submitting a specially crafted extrinsic can cause a panic in the runtime:
Denial of Service by crashing the node process.
Potential for invalid blocks produced by validators.
Likelihood
This issue is exploitable in production if there exists at least one rewards pool where reward tokens exceed twice the collateral tokens, allowing sufficiently large multiplication to exceed u128 bounds.
Remediation
This issue is fixed in https://github.com/open-web3-stack/open-runtime-module-library/pull/1016
Backport
The patch has been backported to the following release branches:
polkadot-stable2407
polkadot-stable2409
A 1.0.1 patch release has been made with this fix.
References
https://github.com/open-web3-stack/open-runtime-module-library/security/advisories/GHSA-5v93-9mqw-p9mh...
February 14th, 2025 (5 months ago)
Description: The library provides a public safe API, transmute_vec_as_bytes, which incorrectly assumes that any generic type T has a stable layout. This leads to exposure of uninitialized memory if a user passes a type with padding bytes as T and the vector is reinterpreted through a u8 pointer.
In the issue, we develop a PoC showing that passing a struct type to transmute_vec_as_bytes can lead to undefined behavior with Vec::from_raw_parts.
The developers provided a patch changing the trait bound from Copy to Pod, which ensures T is plain old data. This was patched in the latest version of the master branch, but not yet in the latest release (0.28.1).
References
https://github.com/FyroxEngine/Fyrox/issues/630
https://github.com/FyroxEngine/Fyrox/pull/662
https://github.com/FyroxEngine/Fyrox/commit/474e3b01a884366cdb7d704f7456ef692e992232
https://rustsec.org/advisories/RUSTSEC-2024-0435.html
https://github.com/advisories/GHSA-h7h7-6mx3-r89v
February 14th, 2025 (5 months ago)
Description: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort
February 14th, 2025 (5 months ago)
Description: A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. [...]
February 14th, 2025 (5 months ago)
Description: A newly discovered phishing campaign targeting Microsoft 365 accounts has been attributed to Russian-linked threat actors, leveraging an advanced technique known as device code authentication phishing. Reports from both Microsoft and cybersecurity firm Volexity indicate that multiple groups have been exploiting this method since mid-2024, targeting government agencies, NGOs, defense organizations, and private companies across …
The post Hackers Use Device Code Phishing to Hijack Microsoft 365 Accounts appeared first on CyberInsider.
February 14th, 2025 (5 months ago)
Description: This week, we discuss Apple's iCloud, Wikipedia as a miracle of humankind, and good soup.
February 14th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling a Chromium Extension and Loader
February 14th, 2025 (5 months ago)
Description: Description
A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a download function in the label-studio-sdk Python package, which fails to validate file paths when processing image references during task exports:
```python
import logging
import os
import shutil
import urllib.parse

logger = logging.getLogger(__name__)


def download(
    url,
    output_dir,
    filename=None,
    project_dir=None,
    return_relative_path=False,
    upload_dir=None,
    download_resources=True,
):
    is_local_file = url.startswith("/data/") and "?d=" in url
    is_uploaded_file = url.startswith("/data/upload")
    if is_uploaded_file:
        upload_dir = _get_upload_dir(project_dir, upload_dir)
        # The remainder of the URL is URL-decoded and joined onto upload_dir
        # without any check that the result stays inside upload_dir, so a
        # reference containing ".." segments resolves outside the directory.
        filename = urllib.parse.unquote(url.replace("/data/upload/", ""))
        filepath = os.path.join(upload_dir, filename)
        logger.debug(
            f"Copy {filepath} to {output_dir}".format(
                filepath=filepath, output_dir=output_dir
            )
        )
        if download_resources:
            # The unvalidated path is copied into the export directory.
            shutil.copy(filepath, output_dir)
        if return_relative_path:
            return os.path.join(
                os.path.basename(output_dir), os.path.basename(...  # truncated in the source listing
```
February 14th, 2025 (5 months ago)
Description: Description
Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted label_config query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution.
The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL.
This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions.
Steps to reproduce
Create a malicious label config that includes an XSS payload in embedded task data:
URL encode the payload and access the following URL:
http://app/projects/upload-example/?label_config=%3CView%3E%3C!--%20{%22data%22:%20{%22text%22:%20%22%3Cdiv%3E%3Cimg%20src=x%20onerror=eval(atob(`YWxlcnQoIlhTUyIp`))%3E%3C/div%3E%22}}%20--%3E%3CHyperText%20name=%22text%22%20value=%22$text%22/%3E%3C/View%3E
When executed, the payload causes the application to render an HTML page containing an img tag that fails to l...
February 14th, 2025 (5 months ago)