Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Getting Smart With Cybersecurity: AI Can Help the Good Guys, Too

With the rapid advancement and adoption of artificial intelligence (AI) in cybersecurity, the benefits of speed and accuracy are becoming clearer every day.

DARKReading
Open in Source
#vulnerability#web#mac#intel#auth#ibm
CVE-2023-45746: Movable Type vulnerable to cross-site scripting

Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Maware

A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic

CVE-2023-46864: Path Traversal - Arbitrary File Download · Issue #171 · Peppermint-Lab/peppermint

Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.

Surge in QR Code Quishing: Check Point Records 587% Attack Spike

By Deeba Ahmed Explore insights into the rise of Quishing attacks, the risks associated with QR code exploitation, and crucial preventive… This is a post from HackRead.com Read the original post: Surge in QR Code Quishing: Check Point Records 587% Attack Spike

'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy

Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: google Tags: dynamic search ads Tags: python Tags: pycharm Tags: malware Dynamically generated ads can be problematic when the content they are created from has been compromised. (Read more...) The post 'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy appeared first on Malwarebytes Labs.

iLeakage Attack: Theft of Sensitive Data from Apple’s Safari Browser

By Deeba Ahmed What happens in iLeakage attacks is that the CPU is tricked into executing speculative code that reads sensitive data from memory. This is a post from HackRead.com Read the original post: iLeakage Attack: Theft of Sensitive Data from Apple’s Safari Browser

CVE-2023-46854: Package Repositories - Proxmox VE

Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.

CVE-2023-46467: [CVE-2023-46467] There's an Stored XSS vulnerability in Juzaweb CMS

Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.

CVE-2023-46468: [CVE-2023-46468] There's an RCE vulnerability in Juzaweb CMS

An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.