
17 matches found

NVD
added 2026/04/06 10:16 p.m., 1 view

CVE-2026-35448

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

CVSS: 3.7, EPSS: 0.00019
Exploits: 1, References: 1
ATTACKERKB
added 2026/04/06 9:45 p.m., 2 views

CVE-2026-35448

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00019
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/04/06 9:45 p.m., 1 view

CVE-2026-35448 WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00019
Exploits: 1, References: 1
Github Security Blog
added 2026/04/04 6:15 a.m., 5 views

AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

Summary The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00019
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/04/04 6:15 a.m., 2 views

GHSA-3V7M-QG4X-58H9 AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

Summary The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00019
Exploits: 1, References: 3
Positive Technologies
added 2026/04/04 12:0 a.m., 1 view

PT-2026-30333

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without authentication. The endpoint was intended as an AJAX polling helper for the authenticated...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00019
Exploits: 1, References: 4
OSV
added 2024/09/04 7:46 a.m., 4 views

MAL-2024-8744 Malicious code in bitcoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bb543ed42a9c4e7386578dde42e2f9f8c6274c88b87358bff00e48a6fa2ea87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/09/04 7:46 a.m., 2 views

Malicious code in bitcoin-address-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bb543ed42a9c4e7386578dde42e2f9f8c6274c88b87358bff00e48a6fa2ea87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1
Rapid7 Blog
added 2022/03/01 7:15 p.m., 1511 views

Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict

UPDATE: As of March 2, 2022, Conti began taking down exposed infrastructure as a result of the chat disclosure. At that time, we assessed that due to their sophisticated capability, deep funding, and quick recovery from exposed infrastructure in November 2021, they remained an active and...

CVSS: 10, AI score: 9.6, EPSS: 0.9438
Exploits: 554
Trellix
added 2022/01/20 12:0 a.m., 10 views

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...

AI score: 7.8
Exploits: 0
The Hacker News
added 2021/06/08 7:56 a.m., 53 views

U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers

In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins currently valued at $2.3 million paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The...

AI score: 0.7
Exploits: 0
ThreatPost
added 2017/05/05 1:32 p.m., 21 views

Ultrasonic Beacons Are Tracking Your Every Movement

More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising. Academics from Technische Universitat Braunschweig in Germany recently published a paper in which they describe their...

AI score: 6.6
Exploits: 0, References: 1
Trellix
added 2016/12/19 12:0 a.m., 12 views

‘Popcorn Time’ Ransomware Sure to Cause Indigestion

ARCHIVED STORY ‘Popcorn Time’ Ransomware Sure to Cause Indigestion By Tim Hux · December 19, 2016 In early December the new ransomware “Popcorn Time” was discovered. It gives the victim the option of paying the ransom or infecting two other individuals and getting them to pay. “Popcorn Time” is a...

AI score: 7.5
Exploits: 0
ThreatPost
added 2015/08/20 12:23 p.m., 25 views

Cybercrime Group Switches from Angler Exploit Kit to Neutrino

A prominent cybercrime actor or group has been kicking the tires on the Neutrino Exploit Kit to move ransomware and other malware, the SANS Institute’s Internet Storm Center reported today. Neutrino is a tier below the prolific Angler Exploit Kit, which is frequently at the heart of new attacks,...

AI score: 7.2
Exploits: 0, References: 10
ThreatPost
added 2015/06/11 12:55 p.m., 6 views

Cryptowall 3.0 Infections Spike from Angler EK, Malicious Spam

Since the Angler Exploit Kit began in late May spreading Cryptowall 3.0 ransomware, traffic containing the malware has continued to grow, putting more potential victims in harm’s way. Today, the SANS Internet Storm Center reported that Cryptowall 3.0 infections are emanating from not only the...

AI score: 6.8
Exploits: 0, References: 6
ThreatPost
added 2015/06/02 1:38 p.m., 16 views

Machines Infected by Locker Ransomware Decrypted

Update: Computers infected by the Locker crypto-ransomware were today decrypted as promised by the malware’s author, who last week posted the decryption keys to an upload site and apologized for releasing the malware. Lawrence Abrams of Bleeping Computer said the infected computers were decrypted...

AI score: 7.4
Exploits: 0, References: 7
The Hacker News
added 2013/10/27 12:8 a.m., 17 views

FBI Seized 144,000 Bitcoins worth $28.5 Million From Silk Road Bust

The world’s favorite crypto-currency has made rounds in the headlines this week. The FBI had managed to seize 144,000 Bitcoins worth some $28.5 million at current exchange rates from Silk Road's founder, that's the largest ever seizure of the cryptocurrency. Bitcoin is an open-source,...

AI score: 6.9
Exploits: 0