Tag

#web

Gentoo Linux Security Advisory 202402-33

Gentoo Linux Security Advisory 202402-33 - A vulnerability has been found in PyYAML which can lead to arbitrary code execution. Versions greater than or equal to 5.4 are affected.

Packet Storm
#vulnerability #web #mac #linux

Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover

Hospital Management System version 1.0 suffers from insecure direct object reference and account takeover vulnerabilities.

Hospital Management System 1.0 SQL Injection

Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-0983-03

Red Hat Security Advisory 2024-0983-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

TimbreStealer campaign targets Mexican users with financial lures

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.

ResurrecAds Attack Hijacks Brand Names, Spreads Spam Via ‘SubdoMailing’

By Deeba Ahmed. Brand Hijacking Alert: Guardio Reveals Malicious Actors Using Trusted Brands for Phishing. This is a post from HackRead.com.

Mitsubishi Electric Multiple Factory Automation Products

1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Corporation
Equipment: MELSEC iQ-F Series
Vulnerability: Insufficient Resource Pool

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a remote attacker to cause a temporary denial-of-service (DoS) condition for a certain period of time in the product's Ethernet communication by performing a TCP SYN Flood attack.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Mitsubishi Electric MELSEC iQ-F Series, a compact control platform, are affected. Products with * are sold in limited regions.

MELSEC iQ-F FX5U-32MT/ES: All Versions
MELSEC iQ-F FX5U-32MT/DS: All Versions
MELSEC iQ-F FX5U-32MT/ESS: All Versions
MELSEC iQ-F FX5U-32MT/DSS: All Versions
MELSEC iQ-F FX5U-32MR/ES: All Versions
MELSEC iQ-F FX5U-32MR/DS: All Versions
MELSEC iQ-F FX5U-64MT/ES: All Versions
MELSEC iQ-F FX5U-64MT/ESS: All Versions
MELSEC iQ-F FX5U-64MT/D...

How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin

Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man."

Identity theft is number one threat for consumers, says report

The German BSI has published its 2023 state of IT security report which names identity theft as the main threat for consumers.

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress