CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.

Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token

A software repository on GitHub dedicated to supplying open-source code and AI models for image recognition was left open to manipulation by bad actors thanks to an insecure URL.

The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware.

Designed specifically for Windows, the bootkit emerged on hacker forums in October last year, being advertised with APT-level capabilities such as secure boot and user access control (UAC) bypass and the ability to disable security applications and defense mechanisms on victim systems.

VulnCheck discovers a network of fake security researcher accounts promoting hidden malware.

Update to the latest version of Desktop and previous version of Atom before February 2.

The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.

Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.

Works on iOS 16.1.2 and below (tested on iOS 16.1) on unjailbroken devices.

In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.

WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.

We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.

GitHub is unaffected by the vulnerabilities, but users should be aware of them and upgrade their local installation of Git.