GitHub swiftly patches flaw exposing millions of private repos

GitHub quickly squashed a massive security flaw, CVE-2026-3854, that could have let hackers access millions of private repositories with just one sneaky git push. The vulnerability allowed attackers to inject malicious code by exploiting how GitHub handled user-supplied options during git push operations.

https://osintsights.com/github-swiftly-patches-flaw-exposing-millions-of-private-repos?utm_source=mastodon&utm_medium=social

#Github #Cve20263854 #SupplyChain #CodeInjection #EmergingThreats

Learn how GitHub swiftly patched CVE-2026-3854, a flaw exposing millions of private repos, and take steps to secure your own repositories now.

OSINTSights

Apache ActiveMQ Vulnerability Exploited, Hits 6,400 Servers

More than 6,400 publicly accessible Apache ActiveMQ servers are under attack, thanks to a high-severity code injection vulnerability that's being actively exploited. Is your server among them?

https://osintsights.com/apache-activemq-vulnerability-exploited-hits-6400-servers?utm_source=mastodon&utm_medium=social

#ApacheActivemq #CodeInjection #VulnerabilityExploitation #EmergingThreats #ServerSecurity

Protect your server from Apache ActiveMQ vulnerability attacks. Learn how to secure over 6,400 exposed servers now and prevent code injection flaws. Take action today for server safety.

OSINTSights

Still using LinkedIn?
(Maybe even with Windows?)

Then read the whole article here carefully to see how Microsoft manipulates your PC in order to surveil you!

Microsoft is being extremely "creative" here!

"Microsoft Corporation’s LinkedIn is running a massive, global, and illegal spying operation on every computer that visits their website."
(...)
"As part of the campaign in removing everyone from the market who might actually make use of the Digital Markets Act, **LinkedIn started injecting malicious code into the browsers of their users**, without their knowledge or their consent.

At the time of writing, this code downloads a list of 6,222 software products and brute-forces the detection of each one. The scan covers extensions with a combined user base of approximately 405 million people.
(...)
Because LinkedIn knows each visitor’s name, employer, and job title, every detected extension is matched to an identified individual. And because LinkedIn knows where each user works, these individual scans aggregate into detailed profiles of companies, institutions, and government agencies, revealing which software tools their employees use without the organization’s knowledge or consent."

https://browsergate.eu/executive-summary/

via

https://www.henning-uhle.eu/shorty-sagt/shorty-sagt-die-katastrophe-bei-linkedin

#LinkedIn #Microsoft #CodeInjection
Executive Summary

Microsoft Corporation’s LinkedIn is running a massive, global, and illegal spying operation on every computer that visits their website.

1. The Regulation of LinkedIn

In 2024 Microsoft was designated as a “gatekeeper” under the Digital Markets Act in the EU. The two regulated products are Microsoft Windows and Microsoft LinkedIn. The Digital Markets Act mandates that gatekeepers allow business users and authorized third parties free, effective, high-quality, continuous and real-time access to all data, including personal data, that is generated through the use of (LinkedIn).

BrowserGate
🖥️ Ah yes, the delightful pastime of injecting code into #macOS for absolutely no gain whatsoever! 💸 The author, who simply cannot stop talking about his unrelated love for a Windows tool, generously shares a step-by-step guide on achieving... well, nothing relevant. 🎯 Spoiler: it's all #fun and games until your Mac says "Goodnight, and good luck!" 🌙
https://mariozechner.at/posts/2024-07-20-macos-code-injection-fun/ #coding #codeinjection #techhumor #softwaredevelopment #HackerNews #ngated
macOS code injection for fun and no profit

Fun little vacation project for fun and zero profit.

🚨 CVE-2026-27497 (CRITICAL, CVSS 9.4): n8n-io n8n code injection via Merge node's SQL query mode. Authenticated users can achieve RCE and write files. Upgrade to v2.10.1/2.9.3/1.123.22 now! https://radar.offseq.com/threat/cve-2026-27497-cwe-94-improper-control-of-generati-7583bd72 #OffSeq #n8n #CodeInjection #Infosec

WatchGuard Firebox: Critical vulnerabilities enable code injection and bypass of protective measures

Ten vulnerabilities in WatchGuard Firebox firewalls put corporate networks at risk. Patches are available; immediate installation is strongly recommended.

All About Security: the online magazine on cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security

How can a Content Injection exploit destroy the community of a cult RTS game?

StarCraft: Brood War and its successor StarCraft 2 are icons of the RTS (real-time strategy) genre and among the most important computer games in history, which have enjoyed an active community and a professional e-sports scene for decades. However, StarCraft 2 currently faces serious problems that threaten its further development and the functioning of the game....

#WBiegu #Blizzard #CodeInjection #Haktywizm #Starcraft

https://sekurak.pl/w-jaki-sposob-exploit-typu-content-injection-moze-zniszczyc-spolecznosc-kultowej-gry-rts/

Sekurak
🚨 ALERT 🚨: Someone figured out that your precious #Dependabot can be manipulated like a sneaky teenager with an unlimited credit card! 🤦‍♂️ Congratulations, now bots can help hackers throw a party in your codebase complete with command injection fireworks. 🎉 Keep pretending your #AppSec is secure, it'll be fun!
https://boostsecurity.io/blog/weaponizing-dependabot-pwn-request-at-its-finest #Vulnerability #CodeInjection #SecurityAlerts #HackerNews #HackerNews #ngated
Weaponizing Dependabot: Pwn Request at its Finest

Learn how Dependabot can be co-opted to exploit some sensitive workflows, through the Confused Deputy Problem and branch name injections.

Developers and gamers, listen up! Hackers are now using trusted tools and platforms to sneak in malicious code and clever scams. How are your projects staying secure in this evolving threat landscape?

https://thedefendopsdiaries.com/the-evolving-threat-landscape-how-hackers-target-fellow-developers-and-gamers/

#cybersecurity
#infosectrends
#codeinjection
#socialengineering
#gamerssecurity