Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire

With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns.

DARKReading
Open in Source
#google#git#auth
Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts. The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally

CVE-2022-47173: WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions.

New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

By Habiba Rashid Nexus contains a module equipped with encryption capabilities which point towards ransomware. This is a post from HackRead.com Read the original post: New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS

WordPress plugins Watu Quiz versions 3.3.9 and below, GN Publisher versions 1.5.5 and below, and Japanized For WooCommerce versions 2.5.4 and below suffer from cross site scripting vulnerabilities.

CVE-2023-23864: WordPress Very Simple Google Maps plugin <= 2.8.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Michael Aronoff Very Simple Google Maps plugin <= 2.8.4 versions.

Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. "Nexus appears to be in its early stages of development," Italian cybersecurity firm Cleafy said in a report published this week. "Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and

German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. The joint advisory comes from Germany's domestic intelligence apparatus, the Federal Office for the Protection of the Constitution (BfV), and South Korea's National Intelligence Service of the Republic of Korea (NIS

CVE-2022-30037: XunRuiCMS v4.3.3 to v4.5.1 backstage code injection vulnerability(file write and file inclusion)

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.