Aggregator

Critical Argo CD API Vulnerability Exposes Repository Credentials

Cyber Security News
3 months 1 week ago

A critical vulnerability has been discovered in Argo CD that allows API tokens with limited permissions to access sensitive repository credentials. The flaw in the project details API endpoint exposes usernames and passwords, undermining the platform’s security model by granting access to secrets without explicit permissions. The vulnerability stems from an improper authorization check in […]

The post Critical Argo CD API Vulnerability Exposes Repository Credentials appeared first on Cyber Security News.

Guru Baran

Kill

Dark Feed IO
3 months 1 week ago

You must login to view this content

cohenido

Kill

Dark Feed IO
3 months 1 week ago

You must login to view this content

cohenido

“GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload

Cyber Security News
3 months 1 week ago

A sophisticated malware campaign, dubbed “GPUGate,” abuses Google Ads and GitHub’s repository structure to trick users into downloading malicious software. The Arctic Wolf Cybersecurity Operations Center, the attack chain uses a novel technique to evade security analysis by leveraging a computer’s Graphics Processing Unit (GPU). The campaign appears to be the work of a Russian-speaking […]

The post “GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload appeared first on Cyber Security News.

Guru Baran

MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel

Security Affairs
3 months 1 week ago
MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams […]
Pierluigi Paganini

CVE-2025-0081 | Google Android 12/12L/13/14/15 dng_lossless_jpeg.cpp HuffDecode denial of service (WID-SEC-2025-0477)

Vuldb Updates
3 months 1 week ago
A vulnerability categorized as problematic has been discovered in Google Android 12/12L/13/14/15. Affected is the function dng_lossless_decoder::HuffDecode of the file dng_lossless_jpeg.cpp. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2025-0081. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2025-0078 | Google Android 12/12L/13/14/15 SELinux main.cpp main access control (WID-SEC-2025-0477)

Vuldb Updates
3 months 1 week ago
A vulnerability marked as critical has been reported in Google Android 12/12L/13/14/15. This affects the function main of the file main.cpp of the component SELinux. The manipulation leads to improper access controls. This vulnerability is documented as CVE-2025-0078. The attack needs to be performed locally. There is not any exploit available. It is suggested to install a patch to address this issue.
vuldb.com

Managed ad