Lucene search
K

490 matches found

Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.4 views

PT-2025-50443

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.23 and earlier Description A stored Cross-Site Scripting XSS issue exists in Adobe Experience Manager. A low privileged attacker could exploit this to inject malicious scripts into vulnerable form fields...

5.4CVSS5.5AI score0.00214EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.4 views

PT-2025-50466

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.9 views

PT-2025-50450

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50403

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.23 and earlier Description A stored Cross-Site Scripting XSS issue exists in Adobe Experience Manager. A low-privileged attacker can inject malicious scripts into vulnerable form fields. Execution of...

5.5CVSS5.6AI score0.00214EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2025/11/26 2:31 p.m.11 views

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service RaaS group, Qilin, with potential involvement from North...

6.6AI score
Exploits0
Veracode
Veracode
added 2025/11/26 9:58 a.m.6 views

Cross-site Scripting (XSS)

Liferay is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in multiple fields within the Notifications widget, which allows an attacker to inject malicious scripts via crafted payloads and execute them in a victim’s browser...

5.4CVSS6.8AI score0.00197EPSS
Exploits0References8Affected Software2
RedHat Linux
RedHat Linux
added 2025/11/20 8:47 p.m.5 views

bind: Cache poisoning attacks with unsolicited RRs

A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records RRs in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache...

8.6CVSS6AI score0.00509EPSS
Exploits1References4
Securelist
Securelist
added 2025/11/19 10:0 a.m.13 views

IT threat evolution in Q3 2025. Non-mobile statistics

IT threat evolution in Q3 2025. Mobile statistics IT threat evolution in Q3 2025. Non-mobile statistics Quarterly figures In Q3 2025: Kaspersky solutions blocked more than 389 million attacks that originated with various online resources. Web Anti-Virus responded to 52 million unique links. File...

9.8CVSS7.2AI score0.15593EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/11/18 10:37 a.m.17 views

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/14 10:37 a.m.10 views

Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns

Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure. 14 new ransomware brands launched this...

6.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/13 2:43 p.m.6 views

1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

A Phishing-as-a-Service PhaaS platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing SMS phishing campaigns, and if you’re in the US there is a good chance you've seen their texts about a small amount you supposedly owe in toll fees...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/13 12:0 a.m.4 views

Can AI Models Be Jailbroken to Phish Elderly Victims? an End-To-End Evaluation

We present an end-to-end demonstration of how attackers can exploit AI safety failures to harm vulnerable populations: from jailbreaking LLMs to generate phishing content, to deploying those messages against real targets, to successfully compromising elderly victims. We systematically evaluated...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/12 12:1 p.m.6 views

On Hacking Back

Former DoJ attorney John Carlin writes about hackback, which he defines thus: "A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are--­b...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/12 12:36 a.m.10 views

CVE-2025-42924

SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability...

6.1CVSS6.8AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/05 12:0 a.m.3 views

WordPress Depicter plugin cross-site request forgery vulnerability

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

4.3CVSS6.8AI score0.00156EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/11/04 7:45 a.m.3 views

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat aka ALPHV ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator aka "Co-Conspirator 1" based ...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/27 2:56 p.m.3 views

EUVD-2025-36194

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6AI score0.00162EPSS
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2025/10/23 11:51 p.m.5 views

How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA

WIRED recently demonstrated how to cheat at poker by hacking the Deckmate 2 card shufflers used in casinos. The mob was allegedly using the same trick to fleece victims for millions...

7AI score
Exploits0
HackRead
HackRead
added 2025/10/23 12:31 p.m.21 views

183 Million Synthient Stealer Credentials Added to Have I Been Pwned

Massive Synthient Stealer Log leak adds 183 million stolen usernames and passwords to Have I Been Pwned, exposing new victims worldwide...

7AI score
Exploits0
CNVD
CNVD
added 2025/10/17 12:0 a.m.2 views

Adobe Connects Cross-Site Scripting Vulnerability (CNVD-2025-24428)

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in a victim's browser...

9.3CVSS6.3AI score0.00557EPSS
Exploits1References1
Rows per page
Query Builder