Latest News
### Impact The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are.
### Impact An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section
### Impact This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. ### Patches Will be patched in 14.3.1 and 15.0.0. ### Workarounds Ensure that access to the Dictionary section is only granted to trusted users.
The 115,000-plus files related to UN Women included detailed financial disclosures from organizations around the world—and personal details and testimonials from vulnerable individuals.
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.
Anti-bot services on the dark web allow phishers to bypass Google’s Red Page warnings, evading detection and making…
The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.
Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.
Debian Linux Security Advisory 5794-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.