5CVSS
8.5AI Score
0.0004EPSS
5CVSS
6.8AI Score
0.0004EPSS
5CVSS
6.9AI Score
0.0004EPSS
Hackers Targeting Human Rights Activists in Morocco and Western Sahara
Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the.....
7.2AI Score
Starry Addax targets human rights defenders in North Africa with new malware
Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious...
8.1AI Score
5CVSS
7.3AI Score
0.0004EPSS
April 9, 2024—KB5036909 (OS Build 20348.2402)
April 9, 2024—KB5036909 (OS Build 20348.2402) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when.....
8.8CVSS
8.4AI Score
0.004EPSS
April 9, 2024—KB5036894 (OS Build 22000.2899)
April 9, 2024—KB5036894 (OS Build 22000.2899) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find out.....
8.8CVSS
8.2AI Score
0.004EPSS
KLA65511 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service, gain privileges, spoof user interface. Below is a complete list of...
8.8CVSS
9.8AI Score
0.004EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...
7.8CVSS
7AI Score
EPSS
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management...
8.7CVSS
6.7AI Score
0.0004EPSS
Top 3 API Leaks Identified by Cybersecurity & InfoSec Experts
APIs (Application Programming Interfaces) have proliferated widely, which increases their susceptibility to various vulnerabilities. In the realm of web applications, prime examples that stand out are SOAP (Simple Object Access Protocol) and Representational State Transfer (REST) APIs. Due to...
8.2AI Score
The Drop in Ransomware Attacks in 2024 and What it Means
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048.....
7.2AI Score
Google Sues App Developers Over Fake Crypto Investment App Scam
Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...
7.1AI Score
CentOS 8 : firefox (CESA-2024:1484)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:1484 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...
7.5CVSS
9AI Score
0.001EPSS
7.4AI Score
7.4AI Score
7.4AI Score
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be...
5.5CVSS
5.9AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be...
5.5CVSS
7.2AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to...
3.5CVSS
3.7AI Score
0.0004EPSS
CVE-2024-3433 PuneethReddyHC Event Management register.php cross site scripting
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to...
3.5CVSS
4.1AI Score
0.0004EPSS
CVE-2024-3432 PuneethReddyHC Event Management register.php sql injection
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be...
5.5CVSS
6.2AI Score
0.0004EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.6AI Score
0.0004EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.1AI Score
0.0004EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.8AI Score
0.0004EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.2AI Score
0.0004EPSS
Cookie consent choices are just being ignored by some websites
In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors' choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam (UvA) analyzed 85,000 European websites and came to the conclusion that 90% of them violated....
7AI Score
An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list NetworkManager is a system network service that manages network...
7.3AI Score
mobsf is vulnerable to Server Side Request Forgery. The vulnerability is due to a flaw in the firebase database check logic, allowing attackers to manipulate the server to make connections to internal-only services within the organization's infrastructure when a malicious app is uploaded to the...
6.3CVSS
6.9AI Score
0.001EPSS
Pixel Watch Security Bulletin—April 2024
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2024-04-05 or later address all applicable issues in the April 2024 Android Security Bulletin and all issues in this bulletin.....
8AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10CVSS
9.7AI Score
EPSS
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6.3AI Score
0.001EPSS
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6AI Score
0.001EPSS
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6.5AI Score
0.001EPSS
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...
6.3CVSS
6.2AI Score
0.001EPSS
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is...
6.3CVSS
7AI Score
0.001EPSS
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is...
6.3CVSS
6.7AI Score
0.001EPSS
CoralRaider targets victims’ data and social media accounts
Cisco Talos discovered a new threat actor we're calling "CoralRaider" that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims'...
6.8AI Score
Google patches critical vulnerability for Androids with Qualcomm chips
In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings...
9.8CVSS
8.6AI Score
0.001EPSS
7.4AI Score
7.4AI Score
AT&T confirms 73 million people affected by data breach
Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. The leaked data includes names, addresses, mobile phone numbers, dates of birth, and social security numbers. Malwarebytes VP of Consumer Privacy,...
7.4AI Score
Key Insights from the NCSC’s Vulnerability Management Guidance
In a world increasingly surrounded by cyber threats, the UK's National Cyber Security Centre (NCSC) offers vital guidance on Vulnerability Management, providing clear and actionable advice for tackling cyber threats. Their recommendations are essential for organizations to understand and mitigate.....
7.9AI Score
Trusted Advisor now available for Mac, iOS, and Android
First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven.....
6.9AI Score
Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung...
6.2CVSS
6.4AI Score
0.0004EPSS
Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image...
5.9CVSS
6.5AI Score
0.0004EPSS
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of...
5.1CVSS
6.7AI Score
0.0004EPSS
Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store...
4.4CVSS
6.7AI Score
0.0004EPSS