Lucene search

2551 matches found

Malwarebytes
added 2025/11/17 1:57 p.m. | 10 views

Scammers are sending bogus copyright warnings to steal your X login

One of my favorite Forbes correspondents recently wrote about receiving several fake copyright-infringement notices from X. Let’s suppose you get an email claiming it’s from X, warning: “We’ve received a DMCA notice regarding your account.” Chances are, you’ll be wondering what you did wrong. DMC...

AI score: 6.6
Exploits: 0

Cvelist
added 2025/11/14 12:39 p.m. | 17 views

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

CVSS: 8.1 | EPSS: 0.00334
Exploits: 0 | References: 2

CVE
added 2025/11/14 12:39 p.m. | 19 views

CVE-2025-8855

Optimus Software Brokerage Automation before version 1.1.71 is affected by multiple auth-related issues: Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, and Authentication Bypass by Assumed-Immutable Data. These flaws enable exploitation ...

CVSS: 8.1 | AI score: 5.4 | EPSS: 0.00334
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/14 12:39 p.m. | 4 views

CVE-2025-8855 2FA Expiry Bypass in Optimus Software's Brokerage Automation

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry...

CVSS: 8.1 | AI score: 5.4 | EPSS: 0.00334
Exploits: 0 | References: 2

The Hacker News
added 2025/11/11 11:44 a.m. | 12 views

Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers

Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actor...

AI score: 6.8
Exploits: 0

NCSC
added 2025/11/07 10:7 a.m. | 18 views

Vulnerabilities fixed in Fortinet FortiOS and FortiProxy

Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. The vulnerabilities include a stack-based buffer overflow that allows authenticated attackers to execute unauthorized code via specially crafted CLI commands. In addition, there are issues with incorrect certificate validation that all...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00402
Exploits: 2 | References: 6

OSV
added 2025/11/05 6:8 p.m. | 5 views

DRUPAL-CONTRIB-2025-115

The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials (username and...

CVSS: 5.4 | AI score: 7 | EPSS: 0.00179
Exploits: 0 | References: 1

Patchstack
added 2025/11/05 12:0 a.m. | 7 views

Drupal Email TFA module < 2.0.6 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module Email TFA versions 2.0.6...

CVSS: 5.4 | AI score: 7 | EPSS: 0.00179
Exploits: 0 | Affected Software: 1

Drupal
added 2025/11/05 12:0 a.m. | 10 views

Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115

The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already have valid user credentials (username and...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00179
Exploits: 0 | References: 2

Malwarebytes
added 2025/11/03 8:5 a.m. | 6 views

A week in security (October 27 – November 2)

Last week on Malwarebytes Labs: Update Chrome now: 20 security fixes just landed; How scammers use your data to create personalized tricks that work; Ransomware gang claims Conduent breach: what you should watch for next; Fake PayPal invoice from Geek Squad is a tech support scam; Atlas browser’s...

AI score: 6.9
Exploits: 0

RedhatCVE
added 2025/10/31 10:7 p.m. | 5 views

CVE-2025-34249

Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication (2FA) implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.01561
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/31 10:7 p.m. | 3 views

CVE-2025-34269

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication (2FA). As a result, an adversary who has obtained a valid session could continue using the active session after t...

CVSS: 8.6 | AI score: 7 | EPSS: 0.00292
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/31 8:11 p.m. | 4 views

CVE-2025-8850

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00419
Exploits: 1 | References: 1

EUVD
added 2025/10/31 12:30 a.m. | 4 views

EUVD-2025-37225

Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication (2FA) implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try...

CVSS: 9.3 | AI score: 6.3 | EPSS: 0.01561
Exploits: 0 | References: 4

EUVD
added 2025/10/31 12:30 a.m. | 6 views

EUVD-2025-37224

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication (2FA). As a result, an adversary who has obtained a valid session could continue using the active session after t...

CVSS: 8.6 | AI score: 6.5 | EPSS: 0.00292
Exploits: 0 | References: 4

NVD
added 2025/10/30 10:15 p.m. | 3 views

CVE-2025-34269

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60424...

EPSS: 0.00292
Exploits: 0

NVD
added 2025/10/30 10:15 p.m. | 11 views

CVE-2025-34249

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60425...

EPSS: 0.01561
Exploits: 0

EUVD
added 2025/10/30 9:30 p.m. | 3 views

EUVD-2025-37197

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

CVSS: 3.1 | AI score: 6.4 | EPSS: 0.00419
Exploits: 1 | References: 3

Cvelist
added 2025/10/30 9:19 p.m. | 7 views

CVE-2025-34269

...

EPSS: 0.00292
Exploits: 0

CVE
added 2025/10/30 9:19 p.m. | 8 views

CVE-2025-34269

This CVE-2025-34269 entry concerns Nagios Fusion prior to R2.1, where the application does not require re-authentication or session rotation after a user enables 2FA. A valid session may persist after 2FA is enabled, enabling potential persistent account takeover and undermining the legitimate us...

AI score: 6.6 | EPSS: 0.00292
Exploits: 0