Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio,...
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October...
Malvertising Campaign Targets Brazil’s PIX Payment System with GoPIX Malware
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate...
The Rise of S3 Ransomware: How to Identify and Combat It
In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the...
Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users....
Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability
VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code...
LockBit 3.0 Ransomware Victim: mgbwlaw[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: linkmicrotek[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: ambic[.]co[.]uk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: excon[.]cl
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: fern-plastics[.]co[.]uk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: camico[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: martinsonservices[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Add Custom Body Class plugin for WordPress cross-site scripting | CVE-2023-5205
NAME__________Add Custom Body Class plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Add Custom Body Class plugin for WordPress 1.4.1 WordPress Add...
IBM TXSeries denial of service | CVE-2023-42031
NAME__________IBM TXSeries denial of servicePlatforms Affected:IBM TXSeries for Multiplatforms 8.1 IBM TXSeries for Multiplatforms 8.2 IBM TXSeries for Multiplatforms 9.1...
Soisy Pagamento Rateale plugin for WordPress information disclosure | CVE-2023-5132
NAME__________Soisy Pagamento Rateale plugin for WordPress information disclosurePlatforms Affected:WordPress Soisy Pagamento Rateale plugin for WordPress 6.0.1 WordPress Soisy Pagamento Rateale...
Kodbox cross-site scripting | CVE-2023-45998
NAME__________Kodbox cross-site scriptingPlatforms Affected:kodbox kodbox 1.44Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Kodbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Serial Numbers for WooCommerce License Manager Plugin for WordPress cross-site request forgery | CVE-2023-46078
NAME__________Serial Numbers for WooCommerce License Manager Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Serial Numbers for WooCommerce License...
SALESmanago plugin for WordPress security bypass | CVE-2023-4939
NAME__________SALESmanago plugin for WordPress security bypassPlatforms Affected:WordPress SALESmanago plugin for WordPress 3.2.4 WordPress SALESmanago plugin for WordPress 3.2.3Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security...
WBCE cross-site scripting | CVE-2023-46054
NAME__________WBCE cross-site scriptingPlatforms Affected:WBCE CMS WBCE CMS 1.6.1Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WBCE is vulnerable to cross-site scripting, caused by improper validation...
Rocket Font Plugin for WordPress cross-site request forgery | CVE-2023-46067
NAME__________Rocket Font Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Rocket Font Plugin for WordPress 1.2.3Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Rocket Font Plugin...
sbt directory traversal | CVE-2023-46122
NAME__________sbt directory traversalPlatforms Affected:sbt sbt 1.9.6Risk Level:5.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________sbt could allow a remote attacker to traverse directories on the system,...
Wp Ultimate Review Plugin for WordPress cross-site request forgery | CVE-2023-46085
NAME__________Wp Ultimate Review Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Wp Ultimate Review Plugin for WordPress 2.2.4Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Wp...
SuperWebMailer code execution | CVE-2023-38193
NAME__________SuperWebMailer code executionPlatforms Affected:SuperWebMailer SuperWebMailer 9.00.0.01710Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________SuperWebMailer could allow a remote authenticated attacker to execute arbitrary code on...
