Latest News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112). The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare, and an exploit PoC. The exploit causes a forced reboot of Windows servers. One prerequisite: the […]

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.

Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.

The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.

Misconfigured license-plate-recognition systems reveal the livestreams of individual cameras and the wealth of data they collect about every vehicle that passes by them.

AI-supported spear phishing emails tricked 54% of users in a controlled study that compared AI and human cybercriminal success rates.

The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.

### Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input (such as user comments) to be parsed and handled safely by the PHP-Textile library. In restricted mode, the version 4.1.2 of the library does not sanitize or validate user-controllable href input in image links, but allows any link protocol or JavaScriptt links to be used. The vulnerability allows an attacker to add malicious JavaScript code to the page which is then executed when an unexpecting user clicks the link. In non-restricted mode, the library allows mixed HTML input, and any link protocol by design. In restricted mode, text links were already handled correctly and the vulnerability only affects image links. ### Resolution This issue was fixed in PHP-Textile version 4.1.3. Version 4.1.3 disallows use of JavaScript in image links when the ...