Tag
#git
By Deeba Ahmed. According to the Microsoft Threat Intelligence Team, threat actors labeled as 'financially motivated' utilize the ms-appinstaller URI scheme for malware distribution. This is a post from HackRead.com. Read the original post: Microsoft Disables App Installer After Feature is Abused for Malware
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
A SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.
### Impact

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in `wrangler` until `3.19.0`), an attacker on the local network could access other local servers.

### Patches

The issue was fixed in `[email protected]`.

### Workarounds

Ensure Miniflare is configured to listen on just local interfaces. This is the default behaviour, but can also be configured with the `host: "127.0.0.1"` option.

### References

- https://github.com/cloudflare/workers-sdk/pull/4532
By Deeba Ahmed. Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced… This is a post from HackRead.com. Read the original post: Malware Leveraging Google Cookie Exploit via OAuth2 Functionality
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component `mVELRule`.
An issue in the component `GroovyEngine.execute` of JLine v3.24.1 allows attackers to cause an out of memory (OOM) error exception.
An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop.
Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.
It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.