#auth

GL.iNet version 4.4.3 suffers from authentication bypass and code injection vulnerabilities.

Gibbon School Platform version 26.0.00 suffers from a PHP code injection vulnerability.

Craft CMS version 4.4.14 suffers from a PHP code injection vulnerability.

Chamilo version 1.11.18 suffers from a PHP code injection vulnerability.

Artica Proxy version 4.40 suffers from a code injection vulnerability that provides a reverse shell.

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'MODEM' HTTP POST parameter called by the dialupSwitch.php script.

The future of cybersecurity will be shaped by how well we manage the explosion of NHIs.

CISOs in consumer and retail organizations appear to accept greater risks to allow for more innovation, which could be a model for future growth.

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.  In this post, we’ll explore hybrid attacks — what they are