Latest News
In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.
The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges.
According to the unsealed criminal charges, the operation is believed to have running for nearly four years.
Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. ### Impact - Affects front-end forms with `assets` fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. - Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. - Traversal _outside_ an asset container was not possible. ### Patches This has been fixed in 5.17.0.
Russian national Evgenii Ptitsyn, linked to Phobos ransomware, faces U.S. charges for extortion and hacking, with over $16M…
The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals.
WordPress Really Simple Security plugin versions prior to 9.1.2 proof of concept authentication bypass exploit.
Proof of concept code to exploit an authentication bypass in Palo Alto's PAN-OS that is coupled with remote command execution.
Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.
Ubuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted cha...