Tag
Google Chrome versions prior to 125.0.6422.112 V8 type confusion proof of concept exploit.
Water Billing Management System version 1.0 suffers from a cross site request forgery that enables an arbitrary file upload.
Webpay E-Commerce version 1.0 suffers from a directory traversal vulnerability.
SPIP version 4.2.6 suffers from a code execution vulnerability.
WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.
WordPress SeatReg plugin version 1.54.0 suffers from an open redirection vulnerability.
WordPress WP Event Manager plugin version 3.1.44 suffers from a cross site scripting vulnerability.
Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that's equipped to
Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a threat it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly
Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and