Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Protecting Tomorrow's World: Shaping the Cyber-Physical Future

The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed

The Hacker News
Open in Source
#web#git#The Hacker News
GHSA-x4x5-jx9j-mmv7: pyspider Cross-site Scripting vulnerability

pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Data broker exposes 600,000 sensitive files including background checks

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.

Propertyrec Leak Exposes Over Half a Million Background Check Records

Summary A critical data security lapse has left a massive trove of personal information vulnerable, raising concerns about…

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities. The competition for the best question on the topic of VM continues. 😉🎁 📹 Video on YouTube, LinkedIn🗞 Post on Habr (rus)🗒 Digest […]

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

### Impact Timing attacks on Galois Field multiplications in this package. Successful exploitation would effectively allow a downgrade of the security guarantees of the XTS mode to the security guarantees of ECB mode, allowing block swapping, enabling identification of identical blocks, and rendering half of the XTS key obsolete. Timing attacks require specific conditions to be exploitable. ### Patches Patched in 2024.11.26 ### Workarounds Upgrade the package ### References https://en.wikipedia.org/wiki/Timing_attack

'Operation Undercut' Adds to Russia Malign Influence Campaigns

Just like Russia's Doppelgänger effort, the goal is to spread misinformation about Ukraine and Western efforts to help Ukraine in its war with Russia.

GHSA-4gwv-fpmg-cmv2: Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name.

Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday

A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.

Ethereum’s Layer 2 Solutions Could Outrun the Main Blockchain by 2030

According to recent reports, Ethereum’s Layer 2 solutions could reach an impressive $1 trillion market capitalization by 2030.…