Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2022-43120: Cross Site Scripting (XSS) in Add Field Page · Issue #894 · intelliants/subrion

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

CVE
Open in Source
#xss#vulnerability#web#git#intel
CVE-2022-43121: Cross Site Scripting (XSS) in Members Add · Issue #895 · intelliants/subrion

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

Industrial Control Systems (ICS) Security Market Worth $23.7B by 2027, Report Says

The market growth is driven by the convergence of IT and OT systems. By region, North America is estimated to account for the largest market size during the forecast period.

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

It's Time to See Cybersecurity Regulation as a Friend, Not a Foe

There's real value in having a better perspective around future regulation and compliance requirements.

Bugcrowd Names David Gerry Chief Executive Officer

AppSec and Cybersecurity veteran will leverage his strong institutional experience as demand for crowdsourced cybersecurity solutions grows.

Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a

The Company You Keep – Preparing for supply chain attacks with Talos IR

Organizations must proactively limit supply chain risks through careful selection of the company they keep while preparing to respond to an incident that will invariably originate from the supply chain.

Retail Sector Prepares for Annual Holiday Cybercrime Onslaught

Retailers and hospitality companies expect to battle credential harvesting, phishing, bots, and various malware variants.