Hackers Exploit Critical Vulnerability in ownCloud
Security experts have urged ownCloud customers to mitigate a critical zero-day vulnerability in its “graphapi” app announced last week, after...
Google Fixes Sixth Chrome Zero-Day Bug of the Year
Google has released an update for Chrome to fix several new vulnerabilities, including one rated high severity that is currently...
DeleFriend Weakness Puts Google Workspace Security at Risk
Security researchers have uncovered a new design flaw in the Google Workspace Domain-Wide Delegation feature. Named “DeleFriend” by Hunters’ Team Axon, the vulnerability could...
A Fifth of UK SMBs Can’t Spot Scams
A worrying 17% of the UK’s small and medium-sized businesses (SMBs) can’t always spot the tell-tale signs of online fraud...
AI Boosts Malware Detection Rates by 70%
Threat intelligence-sharing platform VirusTotal has unveiled new research showing how AI can be used by cyber defenders to enhance malware...
GoTitan Botnet and PrCtrl RAT Exploit Apache Vulnerability
Threat actors have been observed exploiting a critical vulnerability, CVE-2023-46604, in Apache systems. Over the past few weeks, Fortiguard Labs identified multiple...
Estante Virtual – 5,412,603 breached accounts
HIBP In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed...
Bleach Anime Forum – 143,711 breached accounts
HIBP In 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k...
US-CERT Vulnerability Summary for the Week of November 20, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- after_effectsAdobe After Effects version 24.0.2 (and earlier) and 23.6 (and...
MaccaroniC2 – A PoC Command And Control Framework That Utilizes The Powerful AsyncSSH
MaccaroniC2 is a proof-of-concept Command and Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client...
DynastyPersist – A Linux Persistence Tool!
A Linux persistence tool! A powerful and versatile Linux persistence script designed for various security assessment and testing scenarios. This...
HiddenDesktop – HVNC For Cobalt Strike
Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session...
CSV Feeds PRO module for PrestaShop information disclosure | CVE-2023-46355
NAME__________CSV Feeds PRO module for PrestaShop information disclosurePlatforms Affected:PrestaShop CSV Feeds PRO module for PrestaShop 2.5.2 PrestaShop CSV Feeds PRO...
Pandora FMS file upload | CVE-2023-41812
NAME__________Pandora FMS file uploadPlatforms Affected:Artica Pandora FMS 773 Artica Pandora FMS 700Risk Level:5.6Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Pandora FMS could allow a remote...
WP Shortcodes Plugin Shortcodes Ultimate for WordPress cross-site scripting | CVE-2023-6225
NAME__________WP Shortcodes Plugin Shortcodes Ultimate for WordPress cross-site scriptingPlatforms Affected:WordPress WPB Show Core Plugin for WordPress 2.2Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting...
Anyscale RAY server-side request forgery | CVE-2023-48023
NAME__________Anyscale RAY server-side request forgeryPlatforms Affected:Anyscale RAY 2.6.3 Anyscale RAY 2.8.0Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Anyscale RAY is vulnerable to server-side request...
WP Shortcodes Plugin for WordPress information disclosure | CVE-2023-6226
NAME__________WP Shortcodes Plugin for WordPress information disclosurePlatforms Affected:WordPress WPB Show Core Plugin for WordPress 2.2Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________WP Shortcodes Plugin...
Chamilo LMS command execution | CVE-2023-4222
NAME__________Chamilo LMS command executionPlatforms Affected:Chamilo Chamilo LMS 1.11.23Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Chamilo LMS could allow a remote authenticated attacker to execute...
Cryptography package for Python denial of service | CVE-2023-49083
NAME__________Cryptography package for Python denial of servicePlatforms Affected:Python Cryptographic Authority cryptography 41.0.5Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Cryptography package for Python is...
NETGEAR NMS300 privilege escalation |
NAME__________NETGEAR NMS300 privilege escalationPlatforms Affected:NETGEAR NMS300Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________NETGEAR NMS300 could allow a local authenticated attacker to gain elevated privileges...
BookingPress Plugin for WordPress file upload | CVE-2023-6219
NAME__________BookingPress Plugin for WordPress file uploadPlatforms Affected:WordPress WPB Show Core Plugin for WordPress 2.2Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________BookingPress Plugin for WordPress...
Zyxel products denial of service | CVE-2023-4397
NAME__________Zyxel products denial of servicePlatforms Affected:Zyxel USG FLEX 50(W) / USG20(W)-VPN ZLD 5.00 Zyxel ATP series 5.37 Zyxel USG FLEX...
Zyxel products denial of service | CVE-2023-4398
NAME__________Zyxel products denial of servicePlatforms Affected:Zyxel USG FLEX 5.20 Zyxel USG FLEX 50(W) 4.16 Zyxel USG20(W)-VPN 4.16 Zyxel ATP series...
Chamilo LMS command execution | CVE-2023-4221
NAME__________Chamilo LMS command executionPlatforms Affected:Chamilo Chamilo LMS 1.11.23Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Chamilo LMS could allow a remote authenticated attacker to execute...
