Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-45274: WordPress SendPulse Free Web Push plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.

CVE
Open in Source
#csrf#vulnerability#web#wordpress#auth
The forgotten malvertising campaign

Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: notepad Tags: hta Tags: malware Tags: google A sophisticated threat actor has been using Google ads to deliver custom malware payloads to victims for months while flying under the radar. (Read more...) The post The forgotten malvertising campaign appeared first on Malwarebytes Labs.

Why Zero Trust Is the Cloud Security Imperative

The security principle of zero trust is the cornerstone of robust cloud security.

Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign

Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest iteration in an ongoing campaign that leverages compromised WordPress sites to serve unsuspecting

Customer data stolen from gaming cloud host Shadow

Categories: News Categories: Personal Tags: Shadow PC Tags: data breach Tags: Cloud service provider Shadow has notified customers about a data breach affecting over 500,000 users. (Read more...) The post Customer data stolen from gaming cloud host Shadow appeared first on Malwarebytes Labs.

CVE-2022-48612: James Connolly's Blog

A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.

YouTube Takes on Ad Blockers with Warning Pop-Ups

By Waqas Using YouTube? You might need to disable your ad blocker or whitelist YouTube.com. This is a post from HackRead.com Read the original post: YouTube Takes on Ad Blockers with Warning Pop-Ups

Is It Possible to Delete Yourself From the Internet Altogether?

By Owais Sultan Believe it or not, the internet is now over half a century old. Of course, it has really… This is a post from HackRead.com Read the original post: Is It Possible to Delete Yourself From the Internet Altogether?

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

CVE-2023-35024: IBM Cloud Pak for Business Automation cross-site scripting CVE-2023-35024 Vulnerability Report

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.