#intel

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.

By Waqas The surge in malicious activity, initially observed during the Russia-Ukraine conflict, has now spread to various regions globally, as revealed in the NOKIA Threat Intelligence Report 2023. This is a post from HackRead.com Read the original post: IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia

By Habiba Rashid Researchers have warned that cyber criminals may exploit ChatGPT's AI Package Hallucination to spread malicious code, including malware infection. This is a post from HackRead.com Read the original post: ChatGPT’s False Information Generation Enables Code Malware

By Habiba Rashid The Stealth Soldier malware is capable of stealing browser data, recording audio and video, and much more. This is a post from HackRead.com Read the original post: Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms

WordPress Directorist plugin versions 7.5.4 and below suffer from insecure direct object reference and privilege escalation vulnerabilities.

By Habiba Rashid The innovative approach, known as “picture in picture,” capitalizes on users’ trust in familiar logos and promotions, making… This is a post from HackRead.com Read the original post: “Picture in Picture” Technique Exploited in New Deceptive Phishing Attack

New testimony from defectors reveals pervasive surveillance and monitoring of limited internet connections. For millions of others, the internet simply doesn't exist.

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The