Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Emergency Ambulance Hiring Portal 1.0 WYSIWYG Code Injection

Emergency Ambulance Hiring Portal version 1.0 suffer from a WYSIWYG code injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#windows#google#js#java#php#auth#firefox
Printable Staff ID Card Creator System 1.0 Insecure Direct Object Reference

Printable Staff ID Card Creator System version 1.0 suffers from an insecure direct object reference vulnerability.

Remote Access Sprawl Strains Industrial OT Network Security

A veritable grab bag of tools used to access critical infrastructure networks are wildly insecure, and they're blobbing together to create a widening attack surface.

How Law Enforcement's Ransomware Strategies Are Evolving

The threat of ransomware hasn't gone away. But law enforcement has struck a blow by adjusting its tactics and taking out some of the biggest adversaries in the ransomware scene.

Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of

'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

An attack dubbed "WordDrone" that uses an old flaw to install a backdoor could be related to previously reported cyber incidents against Taiwan's military and satellite industrial supply chain.

Why Is It So Challenging to Go Passwordless?

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is."  If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech

GHSA-f6v4-cf5j-vf3w: dset Prototype Pollution vulnerability

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.