Tag
#ruby
North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been linked to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already
WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross-site scripting vulnerability.
REDCap 12.0.26 LTS and 12.3.2 Standard allow SQL injection via scheduling, repeatforms, purpose, app_title, or randomization.
CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.
WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.
CMS NEXIN version 2.0 appears to leave default credentials installed after installation.
Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.
CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.
CMS iQ-Digital version 2.0 suffers from a cross-site scripting vulnerability.