#apple

Categories: Podcast This week on Lock and Code, we speak with Heather Kelly about why how parents are using AirTags to give their kids freedom. (Read more...) The post A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17 appeared first on Malwarebytes Labs.

The macOS Background Task Manager tool is supposed to spot potentially malicious software on your machine. But a researcher says it has troubling flaws.

GitHub has spent two years researching and slowly rolling out its multifactor authentication system. Soon it will be mandatory for all 100 million users—with no opt-out.

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.