Security
Headlines
HeadlinesLatestCVEs

Tag

#git

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Fraudsters running the Phish 'n Ships campaign infected legitimate website and used SEO poisoning to redirect shoppers to their fake web shops

Malwarebytes
Open in Source
#vulnerability#web#git#intel#sap
EMERALDWHALE Steals 15,000+ Cloud Credentials, Stores Data in S3 Bucket

Operation EMERALDWHALE compromises over 15,000 cloud credentials, exploiting exposed Git and Laravel files. Attackers use compromised S3 buckets…

Xlibre Xnest 24.1.0 / 24.2.0 Buffer Overflow

Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.

Ubuntu Security Notice USN-7088-1

Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Developer Velocity & Security: Can You Get Out of the Way in Time?

When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services

A Step-by-Step Guide to How Threat Hunting Works

Stay ahead of cybercrime with proactive threat hunting. Learn how threat hunters identify hidden threats, protect critical systems,…

GHSA-hhhv-ggjx-q9j2: Glossarizer Cross-site Scripting vulnerability

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry.