#php

In a new malware campaign, threat actors are using Google ads to target Mac users looking to download Microsoft Teams.

WordPress Poll Maker plugin version 5.3.2 suffers from a remote SQL injection vulnerability.

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It

In [v1.5](https://github.com/PrivateBin/PrivateBin/blob/master/CHANGELOG.md#15-2022-12-11) we introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. Neither the confidentially of existing pastes on the server nor the configuration options including the YOURLs token are affected. ### Impact This issue only affects non-standard configurations of PrivateBin. Instances are affected if all of the following conditions are met: 1. The PrivateBin instance enables URL shortening. 2. A YOURLs URL shortener is used and it is configured not to be public and require a...

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments.

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack

WordPress Poll plugin version 2.3.6 suffers from a remote SQL injection vulnerability.

ResidenceCMS versions 2.10.1 and below suffer from a persistent cross site scripting vulnerability.

PMS 2024 version 1.0 suffers from a remote SQL injection vulnerability.

Simple Online Banking System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.