Security
Headlines
HeadlinesLatestCVEs

Tag

#git

War Crime Prosecutions Enter a New Digital Age

A custom platform developed by SITU Research aided the International Criminal Court’s prosecution in a war crimes trial for the first time. It could change how justice is enacted on an international scale.

Wired
Open in Source
#git#sap
Federal Reserve “breached” data may actually belong to Evolve Bank

LockBit claimed to have breached Federal Reserve but in fact the data came from Evolve Bank & Trust

GHSA-rjw8-v7rr-r563: October System module has a Reflected XSS via X-October-Request-Handler Header

### Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. ### Patches This issue has been patched in v3.5.15. ### References Credits to: - [Mayank Mehra](mailto:[email protected]) ### For more information If you have any questions or comments about this advisory: * Email us at [[email protected]](mailto:[email protected])

Poultry Farm Management System 1.0 Shell Upload

Poultry Farm Management System version 1.0 remote shell upload exploit. This is a variant of the original discovery of this flaw in this software version by Hejap Zairy in March of 2022.

'Snowblind' Tampering Technique May Drive Android Users Adrift

As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix.

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean

'ChamelGang' APT Disguises Espionage Activities With Ransomware

The China-nexus cyber-threat actor has been operating since at least 2019 and has notched victims in multiple countries.

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information.  According to Sucuri, the latest campaign entails making malicious modifications to the

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis