CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Anthropic, the developer of the conversational AI assistant Claude, doesn’t want prospective new hires using AI assistants in their applications, regardless of whether they’re in marketing or engineering.
Source: 404 Media
February 3rd, 2025 (5 months ago)
Description: European regulators are raising alarms over DeepSeek, a Chinese AI chatbot, due to concerns about data privacy and security. The Netherlands’ data protection authority (AP) issued a warning against using the service, while Italy has taken more aggressive action, blocking the chatbot outright. Both countries cite the risk of European user data being stored in …
Source: CyberInsider
February 3rd, 2025 (5 months ago)
Description: Qilin Ransomware Claims Many Victims
Source: DarkWebInformer
February 3rd, 2025 (5 months ago)
Description: Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync
Component: CometBFT
Criticality: Medium (Considerable Impact; Possible Likelihood per ACMv1.2)
Affected versions: <= v0.38.16, v1.0.0
Affected users: Validators, Full nodes

Impact
A malicious peer may be able to interfere with a node's ability to sync blocks with peers via the blocksync mechanism. In the blocksync protocol, peers send their base and latest heights when they connect to a new node (A) that is syncing to the tip of the network. base acts as a lower bound and informs A that the peer only has blocks starting from height base; latest informs A about the latest block in the network. Normally, nodes only ever report increasing heights:

B: {base: 100, latest: 1000}
B: {base: 100, latest: 1001}
B: {base: 100, latest: 1002}
...

If B fails to provide the latest block, B is removed and the latest height (target height) is recalculated from the other peers' latest heights. The existing code, however, doesn't check for the case where B first reports latest height X and immediately afterwards reports height Y, where X > Y. For example:

B: {base: 100, latest: 2000}
B: {base: 100, latest: 1001}
B: {base: 100, latest: 1002}
...

A will try to catch up to 2000 indefinitely. Even if B disconnects, the target height won't be recalculated, because A doesn't know where 2000 came from per se.

Impact Qualification
This condition requires the introduction of malicious code in the full...
Source: Github Advisory Database (Go)
February 3rd, 2025 (5 months ago)
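The failure mode in the ASA-2025-001 entry above, modelled as an added example (toy code written for this page, not CometBFT's blocksync implementation). The "vulnerable" pool ratchets its target height upward and never revisits it when a peer leaves, so one peer advertising 2000 and then 1001 leaves the node chasing 2000 with nobody to serve it. The "hardened" pool is one plausible defence, not necessarily the project's actual fix: it drops a peer whose advertised tip goes backwards and always recomputes the target from the peers that remain.

```python
class BlocksyncPool:
    """Toy model of a syncing node's view of its peers (constructed for this
    example; the real CometBFT pool is more involved)."""

    def __init__(self):
        self.peers = {}        # peer id -> (base, latest) as advertised
        self.target_height = 0  # height the node believes it must catch up to

    # --- behaviour described in the advisory -------------------------------
    def set_status_vulnerable(self, peer, base, latest):
        self.peers[peer] = (base, latest)
        if latest > self.target_height:
            self.target_height = latest   # only ever moves up, origin not tracked

    def remove_peer_vulnerable(self, peer):
        self.peers.pop(peer, None)        # target_height left as it was

    # --- one possible hardening (assumption, not the upstream patch) -------
    def set_status_hardened(self, peer, base, latest):
        if latest < base:
            raise ValueError(f"{peer}: latest {latest} below base {base}")
        prev = self.peers.get(peer)
        if prev is not None and latest < prev[1]:
            # A chain tip cannot shrink; treat the peer as misbehaving.
            self.remove_peer_hardened(peer)
            raise ValueError(f"{peer}: latest height went from {prev[1]} to {latest}")
        self.peers[peer] = (base, latest)
        self._recompute_target()

    def remove_peer_hardened(self, peer):
        self.peers.pop(peer, None)
        self._recompute_target()

    def _recompute_target(self):
        # Target is derived from live peers, so a departed peer's claim dies with it.
        self.target_height = max((lat for _, lat in self.peers.values()), default=0)


def run_vulnerable():
    """Replays the advisory's sequence against the vulnerable pool."""
    pool = BlocksyncPool()
    pool.set_status_vulnerable("honest", 100, 1000)
    pool.set_status_vulnerable("B", 100, 2000)   # inflated claim
    pool.set_status_vulnerable("B", 100, 1001)   # then a lower one
    pool.remove_peer_vulnerable("B")             # B disconnects
    return pool.target_height                    # still 2000: stuck forever


def run_hardened():
    """Same sequence against the hardened pool; returns (rejected, target, peers)."""
    pool = BlocksyncPool()
    pool.set_status_hardened("honest", 100, 1000)
    pool.set_status_hardened("B", 100, 2000)
    try:
        pool.set_status_hardened("B", 100, 1001)
        rejected = False
    except ValueError:
        rejected = True
    return rejected, pool.target_height, sorted(pool.peers)


if __name__ == "__main__":
    print("vulnerable target after B leaves:", run_vulnerable())
    print("hardened (rejected, target, peers):", run_hardened())
```

The check on a decreasing latest height alone is not enough: without the recompute on peer removal, an attacker who simply advertises a high value once and disconnects still pins the target, which is the second half of the advisory's point.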
Description: Summary
Django-Unicorn is vulnerable to Python class pollution, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core function set_property_value, which can be triggered remotely by crafting appropriate component requests and controlling the values of its second and third parameters, leading to arbitrary changes to the Python runtime state. With this finding, so far we've found at least five ways to exploit the vulnerability, reliably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass in almost every Django-Unicorn-based application.

Analysis of Vulnerable Function
The vulnerable function set_property_value is located at django_unicorn/views/action_parsers/utils.py. It is responsible for modifying a property value of an object. The property is specified by a dotted path in the second parameter property_name, where nested object references are supported; the base object and the assigned value are given by the first parameter component and the third parameter property_value.

# https://github.com/adamghill/django-unicorn/blob/7dcb01009c3c4653b24e0fb06c7bc0f9d521cbb0/django_unicorn/views/action_parsers/utils.py#L10
def set_property_value(
    component, property_name, property_value
) -> None:
    ...
    property_name_parts = property_name.split(".")
    component_or_field = compone...
Source: Github Advisory Database (PIP)
February 3rd, 2025 (5 months ago)
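An added example of the class-pollution pattern in the Django-Unicorn entry above. This is toy code written for this page, not the library's set_property_value; the Renderer and Component classes, the payload, and the hardened variant are all constructed here. It shows why a dotted-path setter is dangerous: one request that walks through renderer.__class__ flips a class-level attribute, so every other instance of that class (other users' components included) stops escaping output, which is how such a bug turns into XSS.

```python
import html


class Renderer:
    autoescape = True  # class-level default shared by every Renderer instance

    def render(self, value):
        return html.escape(value) if self.autoescape else value


class Component:
    def __init__(self, title):
        self.title = title
        self.renderer = Renderer()


def set_property_value_vulnerable(component, property_name, property_value):
    """Walk a dotted path with getattr and assign to the last segment.
    Nothing stops the path from passing through __class__, __dict__, etc."""
    *path, last = property_name.split(".")
    obj = component
    for part in path:
        obj = getattr(obj, part)
    setattr(obj, last, property_value)


def _instance_fields(obj):
    try:
        return vars(obj)          # only attributes set on this instance
    except TypeError:
        return {}                 # ints, strings, etc. have no __dict__


def set_property_value_hardened(component, property_name, property_value):
    """Same interface, but every segment must be a plain identifier that does
    not start with an underscore and must exist on the instance being walked,
    so the path can never climb into a class or a dunder."""
    *path, last = property_name.split(".")
    for part in path + [last]:
        if not part.isidentifier() or part.startswith("_"):
            raise ValueError(f"rejected path segment {part!r}")
    obj = component
    for part in path:
        if part not in _instance_fields(obj):
            raise ValueError(f"{part!r} is not an instance attribute")
        obj = getattr(obj, part)
    if last not in _instance_fields(obj):
        raise ValueError(f"{last!r} is not an instance attribute")
    setattr(obj, last, property_value)


PAYLOAD = "<script>alert(1)</script>"   # constructed attacker-controlled cell value


def demo_vulnerable():
    """Attacker pollutes Renderer via their own component; a bystander's
    component then renders the payload unescaped."""
    Renderer.autoescape = True
    attacker, bystander = Component("attacker"), Component("victim")
    set_property_value_vulnerable(attacker, "renderer.__class__.autoescape", False)
    return bystander.renderer.render(PAYLOAD)


def demo_hardened():
    """Same request is rejected; a legitimate update to an instance field still works."""
    Renderer.autoescape = True
    attacker, bystander = Component("attacker"), Component("victim")
    try:
        set_property_value_hardened(attacker, "renderer.__class__.autoescape", False)
        rejected = False
    except ValueError:
        rejected = True
    set_property_value_hardened(attacker, "title", "new title")
    return rejected, attacker.title, bystander.renderer.render(PAYLOAD)


if __name__ == "__main__":
    print("vulnerable bystander output:", demo_vulnerable())
    print("hardened (rejected, title, bystander output):", demo_hardened())
```

The underscore rule blocks __class__, __dict__ and friends; the vars() rule is what actually closes the hole, because it refuses to traverse anything that is not data the instance itself owns, so class attributes and methods are unreachable even under names without underscores.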
Description: Product: PhpSpreadsheet
Version: 3.8.0
CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS v3.1: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVSS v4.0: 4.8 (AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
Description: an attacker can use special characters so that the library still processes the value as a javascript: URL and generates an HTML link from it
Impact: execution of arbitrary JavaScript in the viewer's browser
Vulnerable component: class PhpOffice\PhpSpreadsheet\Writer\Html, method generateRow
Exploitation conditions: a user viewing a specially crafted XML file
Mitigation: additional sanitization of special characters in the string
Researcher: Igor Sak-Sakovskiy (Positive Technologies)

Research
The researcher discovered a zero-day vulnerability in PhpSpreadsheet: a bypass of the XSS sanitizer using the javascript protocol and special characters. The following server-side code converts the XML file into an HTML representation and returns it in the response.

Listing 4. Source code on the server
load($inputFileName);
$writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet);
print($writer->generateHTMLAll());

The contents of the xml file (./doc/file.xml):

Listing 5. The contents of the xml file
author author 2015-06-05T18:19:34Z 2024-12-25T10:16:07Z 16.00 11020 19420 32767 32767 False False <Alignment...
Source: Github Advisory Database (Composer)
February 3rd, 2025 (5 months ago)
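An added example of the sanitizer-bypass class described in the PhpSpreadsheet entry above. This is constructed code for this page, not PhpSpreadsheet's Html writer, and the specific characters the researcher used against the library are not given in the feed, so the bypass strings below are assumptions illustrating the general mechanism: browsers strip leading and trailing C0 controls and spaces, and remove tab, LF and CR anywhere in a URL before reading the scheme, so a check that only looks for a literal "javascript:" prefix misses values the browser will nevertheless execute. The hardened checker normalizes the same way and allowlists schemes instead of denylisting one.

```python
import re
from html import escape

# Normalization a browser applies to a URL before it parses the scheme
# (WHATWG URL: strip C0 controls/space at both ends, drop tab/LF/CR anywhere).
_STRIP_EDGES = re.compile(r"^[\x00-\x20]+|[\x00-\x20]+$")
_STRIP_INNER = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.-]*):")

ALLOWED_SCHEMES = {"http", "https", "mailto"}   # assumption: what a report viewer needs


def naive_is_safe(href):
    """Denylist check that only catches a clean, literal javascript: prefix."""
    return not href.lower().startswith("javascript:")


def browser_normalize(href):
    return _STRIP_INNER.sub("", _STRIP_EDGES.sub("", href))


def hardened_is_safe(href):
    """Look at the URL the way the browser will, then allow only known schemes."""
    m = _SCHEME.match(browser_normalize(href))
    if m is None:
        return True                      # relative URL, no scheme to abuse
    return m.group(1).lower() in ALLOWED_SCHEMES


def render_link(href, text, is_safe):
    """Emit an <a> only when the checker accepts the target; otherwise plain text.
    Attribute and text content are HTML-escaped in both branches."""
    if not is_safe(href):
        return escape(text)
    return f'<a href="{escape(href)}">{escape(text)}</a>'


# Constructed hyperlink targets an attacker might put into a cell.
CONSTRUCTED_HREFS = [
    "https://example.com/report",
    "javascript:alert(1)",
    "JaVaScRiPt:alert(1)",
    "java\tscript:alert(1)",      # inner tab: browser removes it
    "  javascript:alert(1)",      # leading spaces: browser strips them
    "\x01javascript:alert(1)",    # leading C0 control: browser strips it
]


def compare_checkers(hrefs=CONSTRUCTED_HREFS):
    """Returns {href: (naive_verdict, hardened_verdict)} so the gap is visible."""
    return {h: (naive_is_safe(h), hardened_is_safe(h)) for h in hrefs}


if __name__ == "__main__":
    for href, (naive, hard) in compare_checkers().items():
        print(f"{href!r:32} naive={naive!s:5} hardened={hard}")
```

The allowlist is the important design choice: a denylist has to anticipate every spelling the browser tolerates, while an allowlist only has to recognize the few schemes the generated report legitimately needs.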
Description: In an attack vector that's been used before, threat actors aim to commit crypto fraud by hijacking highly followed users, thus reaching a broad audience of secondary victims.
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Description: Red Wolf Cyber Team Targeted the Website of Acted
Source: DarkWebInformer
February 3rd, 2025 (5 months ago)
Description: miyako is Allegedly Selling Access to a Server Hosting a Firewall for a U.S. Government Missile Defense Contractor
Source: DarkWebInformer
February 3rd, 2025 (5 months ago)
Description: Sythe Allegedly Leaked Drivers Licenses Data from Florida
Source: DarkWebInformer
February 3rd, 2025 (5 months ago)