Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari
Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day...
Daily Vulnerability Trends: Sat Apr 08 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-28205 No description provided CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases...
MSI confirms security breach following ransomware attack claims
Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed today that its network was...
Massive Balada Injector campaign attacking WordPress sites since 2017
An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered...
Exploit available for critical bug in VM2 JavaScript sandbox library
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that...
FBI warns of companies exploiting sextortion victims for profit
For-profit companies reportedly linked to sextortion activity are targeting victims using various deceptive tactics to pressure them into paying for...
CISA orders agencies to patch Backup Exec bugs used by ransomware gang
On Friday, U.S. Cybersecurity and Infrastructure Security Agency (CISA) increased by five its list of security issues that threat actors...
Brute Ratel C4 Detected – 54[.]168[.]127[.]93:80
The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...
US-CERT Vulnerability Summary for the Week of March 27, 2023
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info grinnellplans -- grinnellplans A vulnerability...
WindowSpy – A Cobalt Strike Beacon Object File Meant For Targetted User Surveillance
WindowSpy is a Cobalt Strike Beacon Object File meant for targetted user surveillance. The goal of this project was to...
Daily Threat Intelligence – April 07 – 2023
Of late, security researchers stumbled across a group of English-speaking European teenagers who are offering services such as malware-as-a-subscription, hacking...
Researchers Uncover Thriving Phishing Kit Market on Telegram Channels
In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors...
LockBit 3.0 Ransomware Victim: bhrcorp[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
CheckUser extension for MediaWiki denial of service | CVE-2023-29139
NAME__________CheckUser extension for MediaWiki denial of servicePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________CheckUser extension for MediaWiki is vulnerable to a denial...
GrowthExperiments extension for MediaWiki information disclosure | CVE-2023-29140
NAME__________GrowthExperiments extension for MediaWiki information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GrowthExperiments extension for MediaWiki could allow a remote attacker to obtain...
GrowthExperiments extension for MediaWiki information disclosure | CVE-2023-29137
NAME__________GrowthExperiments extension for MediaWiki information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GrowthExperiments extension for MediaWiki could allow a remote attacker to obtain...
MediaWiki denial of service | CVE-2023-29141
NAME__________MediaWiki denial of servicePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________MediaWiki is vulnerable to a denial of service, caused by an auto-block...
D-Link DIR-882 information disclosure | CVE-2023-26925
NAME__________D-Link DIR-882 information disclosurePlatforms Affected:Risk Level:5.3Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________D-Link DIR-882 could allow a remote attacker to obtain sensitive information,...
Qualcomm Chipsets information disclosure | CVE-2022-25737
NAME__________Qualcomm Chipsets information disclosurePlatforms Affected:Qualcomm ChipsetsRisk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Qualcomm Chipsets could allow a remote attacker to obtain sensitive information, caused...
Pimcore Perspective Editor cross-site scripting | CVE-2023-28850
NAME__________Pimcore Perspective Editor cross-site scriptingPlatforms Affected:Pimcore Perspective Editor 1.5.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Pimcore Perspective Editor is vulnerable to cross-site scripting, caused...
Qualcomm Chipsets denial of service | CVE-2022-33223
NAME__________Qualcomm Chipsets denial of servicePlatforms Affected:Qualcomm ChipsetsRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Qualcomm Chipsets is vulnerable to a denial of service, caused...
Bigfork Silverstripe Form Capture cross-site scripting | CVE-2023-28851
NAME__________Bigfork Silverstripe Form Capture cross-site scriptingPlatforms Affected:Bigfork Silverstripe Form Capture 0.2.0 Bigfork Silverstripe Form Capture 0.2.3 Bigfork Silverstripe Form Capture...
Qualcomm Chipsets denial of service | CVE-2022-25739
NAME__________Qualcomm Chipsets denial of servicePlatforms Affected:Qualcomm ChipsetsRisk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Qualcomm Chipsets is vulnerable to a denial of service, caused...
Quectel AG550QCN command execution | CVE-2023-26921
NAME__________Quectel AG550QCN command executionPlatforms Affected:Risk Level:7.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Quectel AG550QCN could allow a remote attacker to execute arbitrary commands...
