7703 matches found
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of the RomCom backdoor in recent attacks shows how Void Rabisu's motives seem to have...
Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php",...
Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection
The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-33981
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one...
CVE-2023-33981
Summary: Briar versions prior to 1.4.22 contain a vulnerability that allows attackers to spoof other users’ messages in blogs, forums, or private groups, requiring each spoofed message to be an exact duplicate of a legitimate message shown nearby. Affected software (as documented): Briar prior to...
How Connected Car Cyber Risk will Evolve
Learn how connected car cyber risk will evolve in the coming years...
blog-city.info Cross Site Scripting vulnerability OBB-3346663
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Craft Blog Theme <= 1.0.7 is vulnerable to Broken Access Control
Software: Craft Blog; Type: Theme; Vulnerable versions: <= 1.0.7; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 962dfabf18a9; Credits: Dave Jong Patchstack; Required...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page...
Cyberpress Launches Cybersecurity Press Release Distribution Platform
By Cyberpress Dubai / May 1st 2023 / Cyberpress -- Cybersecurity gets a new dedicated newswire. Cyberpress, a press release… This is a post from HackRead.com. Read the original post: Cyberpress Launches Cybersecurity Press Release Distribution Platform...
A Republican-Led Lawsuit Threatens Critical US Cyber Protections
Three states are suing to block security rules for water facilities. If they win, it may open the floodgates for challenges to other cyber rules...
How to Reclaim Your Online Privacy
We talk to the Signal Foundation’s Meredith Whittaker about how the surveillance economy is newer than we all might realize—and what we can do to fight back...
CVE-2023-27419
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions...
CVE-2023-27419
CVE-2023-27419 affects the WordPress Viable Blog theme ( 1.1.4 when available; monitor for a confirmed fixed release. If upgrading is not immediately possible, monitor vendor advisories for a confirmed patch. The vulnerability is unpatched/not publicly fixed in the supplied sources.
CVE-2023-27419 WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions...
WordPress theme Viable Blog Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Viable Blog version 1.1.4 and earlier...
PT-2023-21107 · Unknown · Everest Themes Viable Blog Theme
Name of the Vulnerable Software and Affected Versions: Everest themes Viable Blog theme versions <= 1.1.4. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing...
How To Delete Your Data From ChatGPT
OpenAI has new tools that give you more control over your information—although they may not go far enough...