Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Dolibarr 17.0.1 Cross Site Scripting

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#apple#linux#php#auth#chrome#webkit
Global Multi School Management System Express 1.0 SQL Injection

Global Multi School Management System Express version 1.0 suffers from a remote SQL injection vulnerability.

The Internet Is Turning Into a Data Black Box. An ‘Inspectability API’ Could Crack It Open

Unlike web browsers, mobile apps increasingly make it difficult or impossible to see what companies are really doing with your data. The answer? An inspectability API.

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application

Payoro: A Glimmer of Disruption in the Banking Sector

By Owais Sultan Estonia’s Tallinn, renowned for its medieval aesthetic, is not typically the first name one considers when reflecting upon… This is a post from HackRead.com Read the original post: Payoro: A Glimmer of Disruption in the Banking Sector

This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers

Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on

Security News This Week: US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack

New research reveals the strategies hackers use to hide their malware distribution system, and companies are rushing to release mitigations for the “Downfall” processor vulnerability on Intel chips.

Karma Catches Up to Global Phishing Service 16Shop

You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.

CVE-2023-38905: [CVE-2023-38905] sys/duplicate/check SQL注入 · Issue #4737 · jeecgboot/jeecg-boot

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.