Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

GoAhead Web Server 2.5 HTML Injection

GoAhead Web Server version 2.5 suffers from an html injection vulnerability.

Packet Storm
Open in Source
#vulnerability#web#auth
Ricoh Printer Directory / File Exposure

Ricoh printers suffer from directory and file exposure vulnerabilities.

Bank Locker Management System SQL Injection

Bank Locker Management System suffers from a remote SQL injection vulnerability.

Grocy 4.0.2 Cross Site Request Forgery

Grocy versions 4.0.2 and below suffer from a cross site request forgery vulnerabilities.

WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with

Cloudflare Hacked After State Actor Leverages Okta Breach

By Deeba Ahmed CloudFlare Servers Were Hacked on Thanksgiving Day Using Auth Tokens Stolen in Okta Breach. This is a post from HackRead.com Read the original post: Cloudflare Hacked After State Actor Leverages Okta Breach

FBI removes malware from hundreds of routers across the US

The FBI has removed malware from hundreds of routers in an effort to disrupt threat actors linked to the Chinese government.

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022. On September 13, 2023, he was&

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime." Involving 60 law