MVC Shop version 0.5 suffers from a cross-site scripting vulnerability.
NETXPERTS CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Anuranan SBAdmin version 2 appears to leave default credentials installed after installation.
New testimony from defectors reveals pervasive surveillance and monitoring of limited internet connections. For millions of others, the internet simply doesn't exist.
The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers.
Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild. Categories: Exploits and vulnerabilities, News. Tags: Google, Chrome, V8, heap corruption, type confusion, CVE-2023-3079. The post "Update Chrome now! Google patches actively exploited zero-day" appeared first on Malwarebytes Labs.
In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to ensure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). For additional details on OpenShift
By Habiba Rashid. The massive and sophisticated mobile malware campaign has been operating undetected on Android devices across the globe for more than six months. This is a post from HackRead.com. Read the original post: Global Malware Attack Imitates VPN and Security Apps on Android Phones
Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.