Astra Linux - уязвимость в python-django, python2.7

Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parseqsl” and “urllib.parse.parseqs”. This vulnerability occurs du...

Astra Linux - уязвимость в python-bottle

Packages from versions 0 and before 0.12.19 are vulnerable to Web Cache Poisoning, due to a mechanism called “parameter cloaking”. When attackers can separate query parameters using a semicolon ;, they can create a discrepancy in the interpretation of requests between the proxy running with defau...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-bottle (UTSA-2026-017473)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017473 advisory. The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query...

Massive AI investment scam network spans 15,500 domains

Researchers tracked a large AI‑themed investment scam campaign involving more than 15,000 domains. It uses cloaking and deepfakes to hide from security tools while targeting ordinary users. Criminals abused the Keitaro ad-tracking platform as part of a cloaking system so real victims see scam...

CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers

Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security...

Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack

Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs...

CVE-2023-40674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management:...

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2021-23336)

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence AI models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve...

EUVD-2021-0038

Malware in sbrugna...

EUVD-2021-10423

Malware in sbrugna...

EUVD-2004-0678

Malware in sbrugna...

EUVD-2023-45230

Malicious code in bioql PyPI...

EUVD-2025-4831

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-28473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate...

BIT-LIBPYTHON-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can...

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new...

K000149880: Python vulnerabilities CVE-2021-3733, CVE-2021-3426, CVE-2021-23336, and CVE-2020-8492

Security Advisory Description CVE-2021-3733 There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request...