Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs

Researchers have uncovered a large, tangled web of infrastructure being used to enable a wide variety of cyberattacks.

Threatpost
#Malware #News #Web Security #ddos #web

Related news

Injection vulnerabilities in popular WordPress plugin could expose credentials, allow admin access

Fastest Cache is used by more than one million websites

CVE-2021-39881: HackerOne

In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names, which may allow the malicious user to trick unsuspecting users into authorizing the malicious client application using the spoofed scope name and description.

CVE-2021-3824: Access Server Release Notes | OpenVPN

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.

CVE-2021-40966: TinyFileManager Vulnerabilities

A stored XSS exists in TinyFileManager, in all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code, and it will run in any user's browser when they access the server.

CVE-2021-33679:

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.

Threatpost: Latest News

Student Loan Breach Exposes 2.5M Records