New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards
A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been...
HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks...
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose...
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two...
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector,...
U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its...
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that...
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a...
US-CERT Vulnerability Summary for the Week of October 2, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- agentLocal privilege escalation due to improper soft link handling. The...
Spoofy – Program That Checks If A List Of Domains Can Be Spoofed Based On SPF And DMARC Records
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records....
HackerOne Bug Bounty Disclosure: b-uaf-on-jsethereumprovider-b-nick-ve
Company Name: b'Brave Software' Company HackerOne URL: https://hackerone.com/brave Submitted By:b'nick0ve'Link to Submitters Profile:https://hackerone.com/b'nick0ve' Report Title:b'UAF on JSEthereumProvider'Report Link:https://hackerone.com/reports/1977252Date Submitted:11 October...
HackerOne Bug Bounty Disclosure: b-cve-cookie-injection-with-none-file-b-w-x
Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'w0x42'Link to Submitters Profile:https://hackerone.com/b'w0x42' Report Title:b'CVE-2023-38546: cookie injection with none file'Report Link:https://hackerone.com/reports/2148242Date...
HackerOne Bug Bounty Disclosure: b-cve-socks-heap-buffer-overflow-b-raysatiro
Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'raysatiro'Link to Submitters Profile:https://hackerone.com/b'raysatiro' Report Title:b'CVE-2023-38545: socks5 heap buffer overflow'Report Link:https://hackerone.com/reports/2187833Date Submitted:11...
Black Basta Ransomware Victim: HAEFFNER-ASP
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Black Basta Ransomware Victim: GREGAGG
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Black Basta Ransomware Victim: STANTONWILLIAMS
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Black Basta Ransomware Victim: REH
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: foremostgroups[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Microsoft Windows Mark of the Web security bypass | CVE-2023-36584
NAME__________Microsoft Windows Mark of the Web security bypassPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10...
Lenovo Desktop products privilege escalation | CVE-2023-43574
NAME__________Lenovo Desktop products privilege escalationPlatforms Affected:Lenovo DesktopRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Lenovo Desktop products could allow a local authenticated attacker to gain...
Microsoft Windows Runtime C++ Template Library privilege escalation | CVE-2023-36711
NAME__________Microsoft Windows Runtime C++ Template Library privilege escalationPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10...
Google Chrome security bypass | CVE-2023-5486
NAME__________Google Chrome security bypassPlatforms Affected:Google Chrome 118.0Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Google Chrome could allow a remote attacker to bypass security restrictions,...
Microsoft Windows Message Queuing code execution | CVE-2023-36593
NAME__________Microsoft Windows Message Queuing code executionPlatforms Affected:Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 x32 Microsoft...
Unisoc Chipsets information disclosure | CVE-2023-40641
NAME__________Unisoc Chipsets information disclosurePlatforms Affected:Unisoc SC9863ARisk Level:4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Unisoc Chipsets could allow a local authenticated attacker to obtain sensitive information,...
