#auth

TP-LINK TL-WR740N suffers from an html injection vulnerability.

GoAhead Web Server version 2.5 suffers from an html injection vulnerability.

Ricoh printers suffer from directory and file exposure vulnerabilities.

Bank Locker Management System suffers from a remote SQL injection vulnerability.

Grocy versions 4.0.2 and below suffer from a cross site request forgery vulnerabilities.

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with

By Deeba Ahmed CloudFlare Servers Were Hacked on Thanksgiving Day Using Auth Tokens Stolen in Okta Breach. This is a post from HackRead.com Read the original post: Cloudflare Hacked After State Actor Leverages Okta Breach

The FBI has removed malware from hundreds of routers in an effort to disrupt threat actors linked to the Chinese government.

A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022. On September 13, 2023, he was&