Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and...
Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups
An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French...
Smart Mobility has a Blindspot When it Comes to API Security
The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in...
How to Build a Research Lab for Reverse Engineering — 4 Ways
Malware analysis is an essential part of security researcher's work. But working with malicious samples can be dangerous — it...
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper...
LockBit 3.0 Ransomware Victim: nts[.]go[.]kr
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Brute Ratel C4 Detected – 54[.]65[.]93[.]113:80
The Information provided at the time of posting was detected as "Brute Ratel C4". Depending on when you are viewing...
Gpac denial of service | CVE-2023-1654
NAME__________Gpac denial of servicePlatforms Affected:GPAC GPAC 2.3-DEVRisk Level:4.8Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________Gpac is vulnerable to a denial of service,...
teachPress Plugin for WordPress cross-site scripting | CVE-2023-22704
NAME__________teachPress Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress teachPress Plugin for WordPress 8.1.8Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________teachPress Plugin for WordPress is vulnerable...
CTT Expresso para WooCommerce Plugin for WordPress cross-site scripting | CVE-2022-47589
NAME__________CTT Expresso para WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress CTT Expresso para WooCommerce Plugin for WordPress 3.2.11Risk Level:4.8Exploitability:HighConsequences:Cross-Site Scripting...
Gpac denial of service | CVE-2023-1654
NAME__________Gpac denial of servicePlatforms Affected:GPAC GPAC 2.3-DEVRisk Level:4.8Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________Gpac is vulnerable to a denial of service,...
Prestashop Redirections Manager SQL injection | CVE-2023-26864
NAME__________Prestashop Redirections Manager SQL injectionPlatforms Affected:Cerebrate project smplredirectionsmanager module for PrestaShop 1.1.19Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Prestashop Redirections Manager module is vulnerable...
crewjam/saml go library denial of service | CVE-2023-28119
NAME__________crewjam/saml go library denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________crewjam/saml go library is vulnerable to a denial of service,...
WP-CommentNavi Plugin for WordPress cross-site scripting | CVE-2023-22715
NAME__________WP-CommentNavi Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP-CommentNavi Plugin for WordPress 1.12.1Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP-CommentNavi Plugin for WordPress is vulnerable...
Greenshift Plugin for WordPress cross-site scripting | CVE-2023-22707
NAME__________Greenshift Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Greenshift Plugin for WordPress 4.9.9Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Greenshift Plugin for WordPress is vulnerable...
Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms Plugin for WordPress cross-site scripting | CVE-2022-47173
NAME__________Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Connect Contact Form...
TemplatesNext ToolKit Plugin for WordPress cross-site scripting | CVE-2023-22712
NAME__________TemplatesNext ToolKit Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress TemplatesNext ToolKit plugin for WordPress 3.2.7Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________TemplatesNext ToolKit Plugin for...
Rust openssl crate information disclosure |
NAME__________Rust openssl crate information disclosurePlatforms Affected:Rust rust-openssl 0.10.47Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Rust openssl crate could allow a remote attacker to obtain...
Apple macOS Ventura information disclosure | CVE-2023-28192
NAME__________Apple macOS Ventura information disclosurePlatforms Affected:Apple macOS Ventura 13.2Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Ventura could allow a local attacker to...
Rust openssl crate denial of service |
NAME__________Rust openssl crate denial of servicePlatforms Affected:Rust rust-openssl 0.10.47Risk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Rust openssl crate is vulnerable to a denial...
MISP cross-site scripting | CVE-2023-28884
NAME__________MISP cross-site scriptingPlatforms Affected:MISP MISP 2.4.168 MISP MISP 2.4.169Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________MISP is vulnerable to cross-site scripting, caused by improper...
Cerebrate project Cerebrate SQL injection | CVE-2023-28883
NAME__________Cerebrate project Cerebrate SQL injectionPlatforms Affected:Cerebrate project Cerebrate 1.13Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Cerebrate project Cerebrate is vulnerable to SQL injection. A...
Apple macOS Ventura security bypass | CVE-2023-23538
NAME__________Apple macOS Ventura security bypassPlatforms Affected:Apple macOS Ventura 13.2Risk Level:5.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apple macOS Ventura could allow a local attacker to...
Apple macOS Ventura buffer overflow | CVE-2023-27957
NAME__________Apple macOS Ventura buffer overflowPlatforms Affected:Apple macOS Ventura 13.2Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apple macOS Ventura is vulnerable to a buffer overflow,...
