Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-h75c-f2xx-9vxv: OpenCMS Cross-Site Scripting vulnerability

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field

ghsa
#xss#vulnerability#web#java#auth
GHSA-3922-2r6r-r4fv: MCMS allows arbitrary file uploads in the ueditor component

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.

GHSA-7m3w-m5g3-cc88: OpenCMS cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

GHSA-847x-x4jg-6gf4: croogo Host header injection

An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to

Native Language Phishing Spreads ResolverRAT to Healthcare

Morphisec discovers a new malware threat ResolverRAT, that combines advanced methods for running code directly in computer memory,…

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks

Government-backed hacking groups from North Korea (TA427), Iran (TA450), and Russia (UNK_RemoteRogue, TA422) are now using the ClickFix…

5 Reasons Device Management Isn't Device Trust​

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device

How to Protect Yourself From Phone Searches at the US Border

Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.