Security
Headlines

Tag

#mac

User Registration And Login And User Management System 3.2 SQL Injection

User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm

Fake Lawsuit Threat Exposes Privnote Phishing Sites

A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

Introducing Confidential Containers Trustee: Attestation Services Solution Overview and Use Cases

In confidential computing environments, attestation is crucial in verifying the trustworthiness of the location where you plan to run your workload or where you plan to send confidential information. Before actually running the workload or transmitting the confidential information, you need to perform attestation. This blog provides an overview of the components implemented in the confidential containers (CoCo) to support the IETF RATS model (Remote ATtestation procedureS Architecture). The components include the Attestation Service (AS), Key Broker Service (KBS), Reference Value Provider Servi

Google patches critical vulnerability for Androids with Qualcomm chips

Google has issued patches for 28 security vulnerabilities, including a critical patch for Androids with Qualcomm chips.

How Soccer's 2022 World Cup in Qatar Was Nearly Hacked

A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.

GHSA-vjhf-6xfr-5p9g: KubeVirt NULL pointer dereference flaw

A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

China-Linked Threat Actor Taps 'Peculiar' Malware to Evade Detection

UNAPIMON works by meticulously disabling hooks in Windows APIs for detecting malicious processes.