Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-2396: CVE/POC.md at 83c243538386cd0761025f85eb747eab7cae5c21 · CyberThoth/CVE

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#php#chrome#webkit
Transparent Tribe begins targeting education sector in latest campaign

Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group.This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government entities.The attacks result in... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs

"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.

Ransomware rolled through business defenses in Q2 2022

2022 is shaping up to be another banner year for ransomware, which continued to dominate the threat landscape in Q2. The post Ransomware rolled through business defenses in Q2 2022 appeared first on Malwarebytes Labs.

Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign

While the war in Ukraine still rages, various threat actors continue to launch cyber attacks against its government entities. In this blog we review the latest campaign from the UAC-0056 threat group. The post Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign appeared first on Malwarebytes Labs.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.

CVE-2022-32065: Vulnerability: The html file can be uploaded where the avatar is uploaded, and its content not be filtered, which resulting in stored XSS in Ruoyi cms · Issue #118 · yangzongzhuan/RuoYi

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issues are tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers releasing

Update now—July Patch Tuesday patches include fix for exploited zero-day

July's Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS. The post Update now—July Patch Tuesday patches include fix for exploited zero-day appeared first on Malwarebytes Labs.