16 matches found
EUVD-2023-59177
Malicious code in bioql PyPI...
ALPHV ransomware gang fakes own death, fools no one
For the second time in only four months, all is not well on the ALPHV aka BlackCat ransomware gang's dark web site. Gone are the lists of compromised victims. In their place, a veritable garden of law enforcement badges has sprouted beneath the ominous message "THIS WEBSITE HAS BEEN SEIZED." The...
CVE-2023-6985 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
compadre.org Cross Site Scripting vulnerability OBB-3231949
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Soledad < 8.2.5 - Reflected Cross-site Scripting
The theme does not sanitise the id,datafiltertype,... parameters in its pencimoreslistpostajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. A threat actor can collect the nonce value on the main webpage by searching for it on the ajaxvarmore call: var ajaxvarmore =...
Cross site request forgery (csrf)
The Login/Signup Popup, Waitlist Woocommerce Back in stock notifier, and Side Cart Woocommerce Ajax WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the savesettings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...
Hackers Update Age-Old Excel 4.0 Macro Attack
Hackers have updated the age-old Excel malware attack technique with a new passwordless twist. Researchers have identified a new method that no longer requires victims to enter a password to open a danger document, more readily exposing them to potential malware infection. Researchers from securi...
Emotet malspam campaign uses Snowden’s new book as lure
Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control servers (C2), about a...
CVE-2018-7602
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical -...
wordpress: cross-site scripting
A cross-site scripting vulnerability has been discovered that could allow a site to be compromised...
Angler Exploit Kit Spreading Cryptowall 4.0
As expected, it didn’t take long for one of the most popular exploit kits, Angler, to start spreading the latest iteration of Cryptowall ransomware. A drive-by campaign that uses a one-two punch to drop Cryptowall 4.0 has been observed in the wild this week, according to researchers at Heimdal...
WordPress Releases Security Update
WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability. US-CERT recommends users and administrators review the WordPress Security Release and appl...
Web Browsers Malicious Hidden iFrame Redirection
A compromised site may use an obfuscated hidden iFrame code in order to redirect traffic to a malicious website. The client would then be vulnerable to possible automatic download of malware...
Web Site Hosting Malicious Binaries
Binary data wwwhostingmalware.nbin...
SEO Poisoning Campaign Infecting Users With Black Hole Exploit Kit
Researchers have found a new black hat SEO campaign that is being used to redirect users to links that will install the Black Hole exploit kit. The attack is based on searches for, of all things, Shia Labeouf, and leads users through a forest of redirects before plopping them on the compromised...
Attackers Exploiting Windows Help Center Flaw
Researchers have found evidence that attackers are exploiting the vulnerability in the Windows Help and Support Center that was at the center of so much controversy last week. The flaw, which is in the protocol handler related to the Microsoft Windows Help and Support Center, was disclosed late...