Security
Headlines
HeadlinesLatestCVEs

Tag

#git

What is Cracktivator software?

Learn about Talos' research into cracked versions of the Microsoft Windows operating system and applications. Discover why the use of cracktivator software is a growing trend.

TALOS
Open in Source
#vulnerability#mac#windows#microsoft#cisco#git#backdoor#perl#auth
The Fake Browser Update Scam Gets a Makeover

One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

CVE-2023-46007: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-3.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.

CVE-2023-46006: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-2.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.

CVE-2023-46005: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

CVE-2023-46004: Zerrr0_Vulnerability/Best Courier Management System 1.0/Arbitrary-File-Upload-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.

CVE-2023-45065: WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions.

Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign

A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments. Dubbed Qubitstrike by Cado, the intrusion set utilizes Telegram API to exfiltrate cloud service provider credentials following a successful compromise. "The payloads for the Qubitstrike campaign are

TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments

Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky

CVE-2023-4938: bulkoperations.php in woo-bulk-editor/trunk/ext/bulkoperations – WordPress Plugin Repository

The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.