Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.

Security Links is a curated list of websites for cybersecurity. Find cutting edge information and trends.

LATEST NEWS
2024-10-24 14:25:12 Mainframe Technology Is Far From Obsolete

Mainframe technology remains essential for security, scalability, and efficiency. To stay competitive, companies must blend legacy mainframes with modern systems.

by ITPro Today

PICKUP

404 Media is a new independent media company founded by technology journalists Jason Koebler, Emanuel Maiberg, Samantha Cole, and Joseph Cox.

Blog from Red Siege. Red Siege is an information security company focusing on real world threats to you and your organization.

Grab the helm and go on an adventure in Google Earth.

Learn to harness next-gen technologies to build the bridges that will lead us to a better tomorrow.

The latest updates on cybersecurity from today’s experts. Read about ransomware, vulnerabilities, and threat intelligence impacting businesses.

Read ThreatLocker's latest blogs. Learn more about business cybersecurity solutions, ransomware protection, endpoint cybersecurity and more!

The leading database for open source vulnerabilities and cloud misconfigurations.

RECENTLY ADDED

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Threat Research team.

In the contemporary cybersecurity landscape, Security Operations Centers find themselves besieged by an overwhelming number of cyber threats, escalating in both frequency and complexity, leaving traditional...

Your go-to source for expert red team tips and tricks. Elevate your cybersecurity game with our insightful content.

The site for people who like to build Network Servers with CentOS, Ubuntu, Fedora, Debian, Windows Server.

AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no two generated outputs share the same signatures.

Living Off The Land Payload Generator.

The Netwrix blog is a free source of best practices, trends and expert advice for cybersecurity and IT pros.

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

We keep you posted on the latest cyber threats. Learn more about what is new in the world of IT security. Knowledge is the best protection.

Adversary techniques for credential theft and data compromise.

Trusted cybersecurity news, research, and threat intelligence by our experts.

HAWKEYE Managed SOC Dubai powered by DTS Solution helps your organization strategize, develop, build and manage a Managed Security Operations Center – SOC 2.0 As A Service. Managed Security Services Dubai, Managed SOC Provider in Dubai.

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and web addresses for threats, malware, and viruses.

The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques. Cyber defenders can use this data to prioritize specific techniques for threat hunting, and incident responders can use this information to highlight important lateral movement and persistence behaviors that are essential to threat eviction and recovery.

Living Off the Orchard. macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.