
49 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-28660

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8.1 | EPSS 0.00084
Exploits 0 | References 2

Positive Technologies
added 2025/09/05 12:0 a.m. | 3 views

PT-2025-36342

Name of the Vulnerable Software and Affected Versions: AMD TEE (affected versions not specified). Description: Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments, leading to...

CVSS 7.9 | AI score 6.4 | EPSS 0.00016
Exploits 0 | References 7

RedhatCVE
added 2025/05/22 10:28 p.m. | 4 views

CVE-2022-23724

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials...

CVSS 8.1 | AI score 7.1 | EPSS 0.00084
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 10:50 p.m. | 4 views

CVE-2022-1234

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...

CVSS 8.8 | AI score 6.1 | EPSS 0.00122
Exploits 1 | References 1

The Hacker News
added 2024/10/30 3:44 p.m. | 13 views

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which...

AI score 7.2
Exploits 0

OSV
added 2024/07/19 3:15 p.m. | 11 views

CVE-2024-6895

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as passwor...

CVSS 6.1 | AI score 7.1
Exploits 0 | References 1

NVD
added 2024/07/19 3:15 p.m. | 7 views

CVE-2024-6895

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentication. An attacker with user session and access to application can modify settings such as passwor...

CVSS 6.1 | EPSS 0.00061
Exploits 0 | References 1

CVE
added 2024/07/19 2:47 p.m. | 36 views

CVE-2024-6895

CVE-2024-6895 affects Yugabyte Platform: Insufficient authentication in user account management could allow a local-network attacker with a compromised session to change critical security settings (e.g., password, email) without re-authenticating, enabling account takeover. Exploitation details a...

CVSS 6.1 | AI score 6.9 | EPSS 0.00061
Exploits 0 | References 1

OSV
added 2024/03/06 10:55 a.m. | 13 views

BIT-LIVEHELPERCHAT-2022-1234

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...

CVSS 8.8 | AI score 6.1 | EPSS 0.00122
Exploits 1 | References 2

The Hacker News
added 2024/02/12 10:0 a.m. | 29 views

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability ...

AI score 7.4
Exploits 0

OSV
added 2023/11/14 7:15 p.m. | 0 views

CVE-2023-20571

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation...

CVSS 8.1 | AI score 7.3 | EPSS 0.00327
Exploits 8 | References 1

Microsoft Secure
added 2023/10/11 4:0 p.m. | 16 views

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Defenders need every edge they can get in the fight against ransomware. Today, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...

AI score 7.4
Exploits 0

Prion
added 2023/09/25 8:15 p.m. | 28 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

CVSS 5.8 | AI score 6 | EPSS 0.00529
Exploits 0 | References 6 | Affected Software 1

OSV
added 2023/05/09 8:15 p.m. | 0 views

CVE-2021-46754

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity...

CVSS 9.1 | AI score 5.8
Exploits 0 | References 2

Code423n4
added 2023/05/04 12:0 a.m. | 9 views

Overflow Excessive claims could overwhelm storage _userWithdrawals mapping

Lines of code | Vulnerability details | Impact: By submitting an excessive number of claims through a compromised user, an attacker could theoretically overwhelm the storage used for mapping users to their delayed withdrawals. If critical data is overwritten, the contract would be rendered unusable...

AI score 7
Exploits 0

RedhatCVE
added 2023/03/01 1:59 p.m. | 93 views

CVE-2022-4137

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

CVSS 8.1 | AI score 2.1 | EPSS 0.00529
Exploits 0 | References 3

NVD
added 2023/01/11 8:15 a.m. | 20 views

CVE-2021-46779

Insufficient input validation in SVCECCPRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability...

CVSS 7.1 | AI score 6.8 | EPSS 0.00054
Exploits 0 | References 1

Prion
added 2023/01/11 8:15 a.m. | 17 views

Input validation

Insufficient input validation in SVCECCPRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability...

CVSS 3.2 | AI score 7.1 | EPSS 0.00054
Exploits 0 | References 1 | Affected Software 3

Cvelist
added 2023/01/10 8:56 p.m. | 18 views

CVE-2021-26398

Insufficient input validation in SYSKEYDERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution...

AI score 7.8 | EPSS 0.00063
Exploits 0 | References 1

Malwarebytes
added 2023/01/06 3:0 p.m. | 17 views

New Twitter data dump is a cleaned up version of old Twitter dump

News of data dumps is often scary as the possibilities of identity theft, account takeovers, user de-anonymization, and other online data-driven threats rear their ugly heads. Reading about the latest reports of a new Twitter dump, however, is like opening up an already-healed wound, as the dump...

AI score 0.1
Exploits 0