Tag
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.
Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.
D-Link DIR-846 suffers from a remote command execution vulnerability.
Liferay Portal version 6.2.5 suffers from an insecure permissions vulnerability.
A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group (TAG) is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Categories: Android Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: update Tags: CVE-2023-21085 Tags: CVE-2023-21096 Tags: CVE-2022-38181 Tags: Use-after-free Tags: input validation Google has released an Android update that fixes two critical remote code execution (RCE) vulnerabilities, and one vulnerability that has been exploited in the wild. (Read more...) The post Update Android now! Google patches three important vulnerabilities appeared first on Malwarebytes Labs.
Categories: News Tags: ransomware Tags: fake Tags: faker Tags: fraud Tags: scam Tags: bogus Tags: midnight We take a look at a ransomware group that doesn't produce any ransomware, only threats. (Read more...) The post Fake ransomware demands payment without actually encrypting files appeared first on Malwarebytes Labs.
By Deeba Ahmed The Chromium-based browsers include Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and several others. This is a post from HackRead.com Read the original post: Rilide Malware – New Crypto Stealer Hits Chromium-Based Browsers
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.