Tag
#auth
ManageEngine ADManager version 7183 suffers from a password hash disclosure vulnerability.
DoJ and Microsoft seized over 100 sites used by Russian hackers for phishing campaigns targeting the U.S. The…
Cloud-based solutions are transforming the software quality assurance (QA) industry. As organizations increasingly migrate their development and verification…
Thoughtfully applied, humor breaks through security fatigue, increases engagement, and fosters a culture of security awareness.
Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials
The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors but also cybercriminals.
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
It's North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.
The building management system suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'downloadDb.php' script is not properly verified before being used to download database files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
Several of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity.