Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...
CVSS: 4.3 | AI Score: 5.2 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...
CVSS: 4.3 | AI Score: 2.6 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...
CVSS: 4.3 | AI Score: 4 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...
CVSS: 4.3 | AI Score: 4 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...
CVSS: 4.3 | AI Score: 4.9 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity:...
CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity:...
AI Score: 6.9 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:...
AI Score: 5.8 | EPSS: 0.001
DataSurgeon (ds) is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot...
AI Score: -0.3
Warning issued over Royal ransomware
As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency (CISA) has published a Cybersecurity Advisory (CSA) about Royal ransomware. Royal ransomware is a Ransomware-as-a-Service (RaaS) that first made an appearance in January 2022. In September of that year, it...
AI Score: 0.4
KLA48512 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: Implementation...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.015
Google Chrome < 111.0.5563.64 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 111.0.5563.64. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023_03_stable-channel-update-for-desktop advisory. Use after free in Swiftshader. (CVE-2023-1213) Type Confusion in V8....
AI Score: 8.9 | EPSS: 0.015
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Notes

Author | Note
---|---
alexmurray | The Debian chromium source package is called....
CVSS: 6.5 | AI Score: 6.8 | EPSS: 0.001
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Notes

Author | Note
---|---
alexmurray | The Debian chromium source package is called....
CVSS: 4.3 | AI Score: 5.8 | EPSS: 0.001
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 111 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 111.0.5563.64 (Linux and Mac), 111.0.5563.64/.65 (Windows) contains a number of fixes and improvements -- a list of changes...
CVSS: 8.8 | AI Score: 8.3 | EPSS: 0.015
WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection
WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...
CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.006
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...
CVSS: 5.5 | AI Score: 5.2 | EPSS: 0.0004
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...
CVSS: 5.5 | AI Score: 5.2 | EPSS: 0.0004
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...
CVSS: 5.5 | AI Score: 5.2 | EPSS: 0.0004
Threat Roundup (Feb. 24 - March 3)
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 24 and March 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,....
AI Score: 6.7
Nick Weaver on Regulating Cryptocurrency
Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space--with all existing regulations. His conclusion: Regulators, especially regulators in the United States, often fear accusations of stifling innovation. As such, the cryptocurrency space...
AI Score: 1.3
Summary: The vulnerability addressed by WebSphere Liberty prevents identity spoofing by an authenticated user. Vulnerability Details: CVEID: CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an.....
CVSS: 8.8 | AI Score: 7.9 | EPSS: 0.001
Royal Ransomware Targets Organizations with Custom Encryption and Double Extortion Tactics
Summary: Since September 2022, threat actors have been attacking both US and international organizations using a version of ransomware called Royal. This ransomware is unique...
AI Score: 2.4
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...
AI Score: 5.5 | EPSS: 0.0004
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware...
AI Score
Ransomware led to multiple DISH Network outages
Satellite broadcast organisation DISH experienced a major system issue over the past week which affected multiple services. Websites and channels were unavailable, logins were non-functional, and some folks couldn't even pay their bills as a result of the downtime. There was a suspicion that...
AI Score: -0.2
Updated chromium-browser-stable packages fix security vulnerability
Chromium was updated to 110.0.5481.177 to fix vulnerabilities including: [CVE-2023-0927] Use after free in Web Payments API. [CVE-2023-0928] Use after free in SwiftShader. [CVE-2023-0929] Use after free in Vulkan. [CVE-2023-0930] Heap buffer overflow in Video. [CVE-2023-0931] Use after free in....
CVSS: 8.8 | AI Score: 9.7 | EPSS: 0.003
Could Bitcoin Be The Future Of DeFi?
By Waqas. Bitcoin has both security and liquidity, and now, with the addition of smart contract capabilities, it has all the ingredients required for DeFi to take off. This is a post from HackRead.com.
AI Score: 2.2
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. ...
CVSS: 7.5 | AI Score: 5.5 | EPSS: 0.001
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. ...
CVSS: 7.5 | AI Score: 7 | EPSS: 0.001
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. ...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. ...
CVSS: 4.3 | AI Score: 7.3 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin...
CVSS: 5.4 | AI Score: 6 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin...
CVSS: 5.4 | AI Score: 5.6 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin...
CVSS: 5.4 | AI Score: 5.6 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin...
CVSS: 8.8 | AI Score: 6.5 | EPSS: 0.001
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <=...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin...
CVSS: 5.4 | AI Score: 5.9 | EPSS: 0.0005
Why Attackers Target the Healthcare Industry
Key Takeaways: Personal health information (PHI) is an incredibly valuable category of personal data. When compromised and sold on the dark web, this data can be sold for thousands of dollars. Healthcare is a valuable target to attackers, including the group Killnet, which targeted healthcare...
AI Score: 0.8
Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin...
CVSS: 5.4 | AI Score: 9.1 | EPSS: 0.001
Summary: The vulnerabilities addressed include access control, sensitive information disclosure, cross site scripting and directory traversal. Vulnerability Details: CVEID: CVE-2020-5002 DESCRIPTION: IBM Financial Transaction Manager could allow an authenticated user to perform unauthorized...
CVSS: 9.1 | AI Score: 6.7 | EPSS: 0.002
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings...
CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings...
CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings...
CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.0005
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings...
CVSS: 4.3 | AI Score: 5 | EPSS: 0.0005
Stripe Payments For WooCommerce by Checkout < 1.4.11 - Settings Update via CSRF
The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF...
CVSS: 4.3 | AI Score: 5.1 | EPSS: 0.0005
The mobile malware threat landscape in 2022
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year: In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers; 196,476 new mobile banking Trojans; 10,543 new...
AI Score: -0.1
Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme
The Dutch police announced the arrest of three individuals in connection with a "large-scale" criminal operation involving data theft, extortion, and money laundering. The suspects include two 21-year-old men from Zandvoort and Rotterdam and an 18-year-old man without a permanent residence. The...
AI Score: 0.8
Microsoft Edge (Chromium) < 110.0.1587.56 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 110.0.1587.56. It is, therefore, affected by multiple vulnerabilities as referenced in the February 25, 2023 advisory. Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a...
AI Score: 9.7 | EPSS: 0.003