Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

By Waqas Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from… This is a post from HackRead.com Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

HackRead
Open in Source
#web#ios#apple#git#java#asus#auth
Ubuntu Security Notice USN-6782-1

Ubuntu Security Notice 6782-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js.

Zoom Announces Advanced Encryption for Increased Meeting Security

By Deeba Ahmed Your Zoom meetings are now more secure than ever! This is a post from HackRead.com Read the original post: Zoom Announces Advanced Encryption for Increased Meeting Security

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation.

Breakthrough for Solv Protocol: $1 Billion TVL, Now a Top 32 DeFi Player

By Uzair Amir New York City, May 22 – Solv Protocol, a unified yield and liquidity layer for major digital assets,… This is a post from HackRead.com Read the original post: Breakthrough for Solv Protocol: $1 Billion TVL, Now a Top 32 DeFi Player

Criminal record database of millions of Americans dumped online

A notorious cybercriminal involved in breaches has released a database containing 70 million US criminal records.

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as

Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown

By Waqas The strange and tricky world of cybercrime and the dark web is getting stranger and trickier! This is a post from HackRead.com Read the original post: Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown

GHSA-jqr7-5h7r-ch8p: Shopware Non-Persistent XSS in the Frontend

A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web browser.

GHSA-h6mp-mc7g-mg49: scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a [security issue in JWT](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/), which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication.