#google

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. "It can steal

1 year ago

The Hacker News

Open in Source

#web #windows #apple #google #microsoft #c++#pdf #auth #chrome #firefox #The Hacker News

CVE-2023-4283: Changeset 2950211 for embedpress – WordPress Plugin Repository

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

1 year ago

CVE

Open in Source

#xss #web #google #js #git #wordpress #php #auth

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations

1 year ago

The Hacker News

Open in Source

#web #apple #google #microsoft #nodejs #git #auth #ruby #sap #The Hacker News

August Patch Tuesday stops actively exploited attack chain and more

Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.

1 year ago

Malwarebytes

Open in Source

#vulnerability #web #android #windows #google #microsoft #cisco #dos #rce #zero_day #sap

A Clever Honeypot Tricked Hackers Into Revealing Their Secrets

Security researchers set up a remote machine and recorded every move cybercriminals made—including their login details.

1 year ago

Wired

Open in Source

#web #mac #windows #google

Intel Responds to ‘Downfall’ Attack with Firmware Updates, Urges Mitigation

By Habiba Rashid New Intel Processor Vulnerability "Downfall" Discovered: Threats to Data Security Amplify This is a post from HackRead.com Read the original post: Intel Responds to ‘Downfall’ Attack with Firmware Updates, Urges Mitigation

1 year ago

HackRead

Open in Source

#vulnerability #web #mac #apple #google #microsoft #intel #pdf #lenovo #amd #samsung #auth #ssl

Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack

By Waqas FortiGuard Labs Reveals Insights into Recent Surge of Cyberattacks Utilizing Rust Programming Language. This is a post from HackRead.com Read the original post: Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack

1 year ago

HackRead

Open in Source

#google #microsoft #redis #pdf

Lucee 5.4.2.17 Cross Site Scripting

Lucee version 5.4.2.17 suffers from a cross site scripting vulnerability.

1 year ago

Packet Storm

Open in Source

#xss #vulnerability #web #windows #google #java #auth #firefox

eHato CMS 1.0 Cross Site Scripting

eHato CMS version 1.0 suffers from a cross site scripting vulnerability.