#intel

The industrial automation giant agrees to buy Verve Industrial Protection, joining in an ICS trend of bringing cybersecurity capabilities in-house to keep up with attackers.

The cybercrime recruitment and mentoring hub conducted a variety of cybercrimes including business email compromise.

WordPress AI ChatBot plugin versions 4.8.9 and below suffer from arbitrary file deletion, remote SQL injection, and directory traversal vulnerabilities.

The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence said in a Wednesday analysis. "It uses email

Protecting intellectual property and proprietary artificial intelligence (AI) models has become increasingly important in today's business landscape. Unauthorized access can have disastrous consequences with respect to competitiveness, compliance and other vital factors, making it essential to implement leading security measures. Confidential computing is one of these technologies, using hardware-based trusted execution environments (TEEs) to create enclaves with strengthened security postures. These enclaves help protect sensitive data and computations from unauthorized access, even by pr

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.

The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users.

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.