Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Sample Blog Site 1.0 Cross Site Scripting / Remote File Inclusion

Sample Blog Site version 1.0 suffers from cross site scripting and remote file inclusion vulnerabilities.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#google#php#auth#firefox
THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock

The Pig Butchering Invasion Has Begun

Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process.

The US Could Finally Ban Inane Forced Password Changes

Plus: The US Justice Department indicts three Iranians over Trump campaign hack, EU regulators fine Meta $100 million for a password security lapse, and the Tor Project enters a new phase.

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake

First Mobile Crypto Drainer on Google Play Steals $70K from Users

A malicious app disguised as a legitimate WalletConnect tool targeted mobile users on Google Play. The app stole…

Simple Online Banking System 1.0 Insecure Settings

Simple Online Banking System version 1.0 suffers from an ignored default credential vulnerability.

Memory-Safe Code Adoption Has Made Android Safer

The number of memory bugs in Android declined sharply after Google began transitioning to Rust for new features in its mobile OS.