Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Jobs Finder System 1.0 SQL Injection

Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia

A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz. The Cyberint Research Team, which discovered the malware, said it's distributed in the form of malicious installers for legitimate applications targeting Korean and Chinese speakers. There is evidence pointing to UULoader being the work of a Chinese speaker due to the

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical report. "The infection utilizes a trojanized MSIX installer, which executes a PowerShell script to

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

Plus: US regulators fine T-Mobile $60 million for mishap with sensitive data, New Zealand approves Kim Dotcom’s US extradition, and San Francisco takes on deepfake porn.

OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda

OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election. "This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as

The Slow-Burn Nightmare of the National Public Data Breach

Social Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.