Threat and Vulnerability Intelligence Database

Description: A plugin name containing a path separator may allow an attacker to execute an arbitrary binary.

Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or to the following age APIs when the plugin feature flag is enabled:

- age::plugin::Identity::from_str (or equivalently str::parse::<age::plugin::Identity>())
- age::plugin::Identity::default_for_plugin
- age::plugin::IdentityPluginV1::new
- age::plugin::Recipient::from_str (or equivalently str::parse::<age::plugin::Recipient>())
- age::plugin::RecipientPluginV1::new

On UNIX systems, a directory matching age-plugin-* needs to exist in the working directory for the attack to succeed.

The binary is executed with a single flag, either --age-plugin=recipient-v1 or --age-plugin=identity-v1. The standard input includes the recipient or identity string, and the random file key (if encrypting) or the header of the file (if decrypting). The format is constrained by the age-plugin protocol.

An equivalent issue was fixed in the reference Go implementation of age, see advisory GHSA-32gq-x56h-299c.

Thanks to ⬡-49016 for reporting this issue.

References:
- https://github.com/str4d/rage/security/advisories/GHSA-4fg7-vxc8-qx5w
- https://github.com/str4d/rage/commit/703152ecfa86f27952a35b57dd525ed39396a227
- https://github.com/advisories/GHSA-4fg7-vxc8-qx5w
Source: Github Advisory Database (Rust)
December 18th, 2024 (5 months ago)
Description: A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. [...]
Source: BleepingComputer
December 18th, 2024 (5 months ago)
Description: Today, CISA urged senior government and political officials to switch to end-to-end encrypted messaging apps like Signal following a wave of telecom breaches across dozens of countries, including eight carriers in the United States. [...]
Source: BleepingComputer
December 18th, 2024 (5 months ago)
Description: Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. [...]
Source: BleepingComputer
December 18th, 2024 (5 months ago)
Description: Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.
Source: Dark Reading
December 18th, 2024 (5 months ago)
Description: Good Samaritan Health Center of Cobb Has Been Claimed a Victim to Qilin Ransomware
Source: DarkWebInformer
December 18th, 2024 (5 months ago)
Description: National Atomic Energy Commission Has Been Claimed a Victim to Money Message Ransomware
Source: DarkWebInformer
December 18th, 2024 (5 months ago)
Description: A Threat Actor Claims to be Selling Access to an Unidentified Law Company in UK
Source: DarkWebInformer
December 18th, 2024 (5 months ago)
Description: A Threat Actor Claims to be Selling Data of VPbet
Source: DarkWebInformer
December 18th, 2024 (5 months ago)
Description: Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an "undesirable" organization. [...]
Source: BleepingComputer
December 18th, 2024 (5 months ago)