tldrdaily.news logo
Tag

Path Traversal

All articles tagged with #path traversal

WinRAR ADS path-traversal flaw drives ongoing global intrusions
security29 days ago

WinRAR ADS path-traversal flaw drives ongoing global intrusions

Security researchers warn that WinRAR CVE-2025-8088, a high-severity path-traversal flaw abusing Alternate Data Streams to drop payloads, remains actively exploited by both state-backed groups and financially motivated criminals. The exploit chain hides malicious ADS inside decoy files and uses directory traversal to drop LNK/HTA/BAT/CMD payloads that execute on login. Actors such as RomCom/UNC4895, APT44, TEMP.Armageddon, Turla, and China-linked groups have used it for espionage and malware delivery, while criminals distribute RATs and info-stealers, with exploits marketed by underground actors. The activity underscores exploit commoditization and emphasizes the need to patch WinRAR promptly to mitigate ongoing risk.

via BleepingComputer|
#alternate-data-streams#cve-2025-8088#path-traversal
Microsoft's AI Web Project Faces Security Flaws
technology6 months ago

Microsoft's AI Web Project Faces Security Flaws

Researchers discovered a critical security flaw in Microsoft's new NLWeb protocol, which allows remote reading of sensitive files, including API keys, due to a path traversal vulnerability. Microsoft patched the issue but has not issued a CVE, raising concerns about security oversight in AI-related protocols. The flaw could have severe consequences for AI agents relying on exposed API keys, emphasizing the need for careful security practices in deploying new AI features.

via The Verge|
#ai-vulnerability#microsoft#nlweb
Microsoft Azure API Management Service Vulnerabilities Patched
api-management-vulnerability2 years ago

Microsoft Azure API Management Service Vulnerabilities Patched

Three new security flaws have been discovered in Microsoft Azure API Management service, including two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal. Exploitation of SSRF flaws can result in loss of confidentiality and integrity, permitting a threat actor to read internal Azure resources and execute unauthorized code. Following responsible disclosure, all the three flaws have been patched by Microsoft.

via The Hacker News|
#api-management#api-management-vulnerability#microsoft-azure