Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Blogator 0.93 Cross Site Scripting

Blogator version 0.93 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#google#auth#firefox
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting

Bazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a cross site scripting vulnerability.

BreachForums’ Pompompurin Pleads Guilty to Holding Child Abuse Content

By Waqas According to court documents, devices owned by Pompompurin contained 600 explicit images of child abuse, which led him to plead guilty in court. This is a post from HackRead.com Read the original post: BreachForums’ Pompompurin Pleads Guilty to Holding Child Abuse Content

Defend Against Insider Threats: Join this Webinar on SaaS Security Posture Management

As security practices continue to evolve, one primary concern persists in the minds of security professionals—the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, pose a significant challenge to safeguarding sensitive data. To effectively address insider risks, organizations must

AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text

All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords being added to the database in plaintext format. "A malicious site administrator (i.e. a user already logged into the site as an admin) could then have read them," UpdraftPlus, the maintainers of AIOS,

CVE-2023-3672: XSS mitigation · PlaidWeb/webmention.js@3551b66

Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.

TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS). The findings come from SentinelOne and Permiso, which said the "campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew,"

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such strain to focus on SOHO routers after ZuoRAT and HiatusRAT over the past year. "This makes AVrecon one

Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the company said in an advisory. It also said that the issue has been addressed and that it's expected to