Lucene search

13 matches found

GitHub Security Blog
added 2026/02/11 6:17 p.m., 5 views

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact: A stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. A malicious user must have an account with control panel access and content creation permissions. This...

CVSS: 8.7, AI score: 5.4, EPSS: 0.00013
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2025/10/30 5:47 p.m., 5 views

CVE-2025-64112 Statamic vulnerable to Stored Cross-Site Scripting

Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

CVSS: 8, EPSS: 0.00036
Exploits: 0, References: 2
Snyk
added 2025/10/30 5:22 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Collections or Taxonomies components. An attacker can execute arbitrary JavaScript in the context of a higher-privileged user's session by injecting malicious scripts into content fields, leading to...

CVSS: 8.6, AI score: 5.5, EPSS: 0.00036
Exploits: 0, References: 2
Wired Threat Level
added 2024/03/11 7:0 a.m., 18 views

Google Is Getting Thousands of Deepfake Porn Complaints

Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help...

AI score: 7.3
Exploits: 0
Hacker One
added 2023/01/01 4:6 p.m., 103 views

Snapchat: Delete anyone's content spotlight remotely.

A vulnerability was discovered in Snapchat's Spotlight feature that allowed anyone to delete another user's content remotely. By intercepting and modifying the delete request, an attacker could replace the ID parameter with that of another user's video, resulting in the deletion of their content...

AI score: 7
Exploits: 0
Hacker One
added 2022/08/17 1:49 p.m., 78 views

Shopify: Cross-site scripting on api.collabs.shopify.com

Summary: Shopify collabs collabs.shopify.com is a new platform for content creators / influencers to discover and advertise the millions of brands of Shopify. The content creators can apply for different brands on this platform and get paid affiliate marketing. I discovered a cross-site scripting...

AI score: 0.8
Exploits: 0
Malwarebytes
added 2022/07/01 5:35 p.m., 15 views

YTStealer targets YouTube content creators

Researchers are reporting the discovery of malware targeting YouTube content creators. The aim is to compromise accounts and then take over the victims' channels completely. The malware, dubbed YTStealer, has one game plan: Grabbing authentication cookies. A site gives you an authentication cookie...

AI score: 0.2
Exploits: 0
The Hacker News
added 2022/06/29 12:57 p.m., 28 views

New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators

Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fa...

AI score: 0.3
Exploits: 0
HackRead
added 2020/02/28 6:57 p.m., 67 views

Hackers leak up to 4 TB of OnlyFans content for download

By Deeba Ahmed OnlyFans is a London-based adult entertainment site immensely popular among content creators and influencers, especially females has been hacked. This is a post from HackRead.com Read the original post: Hackers leak up to 4 TB of OnlyFans content for download...

AI score: 3.8
Exploits: 0
Kitploit
added 2019/11/14 12:0 p.m., 88 views

Brave Browser - Next Generation Secure, Fast And Private Web Browser with Adblocker

The Brave Privacy Browser is your fast, safe private web browser with ad blocker, private tabs and pop-up blocker. Browse without being tracked by advertisers, malware and pop-ups. Fast & Secure Web Browser No external plugins or settings! Brave privacy browser simply provides the most secure,...

AI score: 7.3
Exploits: 0
Schneier on Security
added 2018/10/26 2:1 p.m., 164 views

Detecting Fake Videos

This story nicely illustrates the arms race between technologies to create fake videos and technologies to detect fake videos: These fakes, while convincing if you watch a few seconds on a phone screen, aren't perfect yet. They contain tells, like creepily ever-open eyes, from flaws in their...

AI score: 7
Exploits: 0
ThreatPost
added 2012/01/18 8:35 p.m., 12 views

SOPA: The Folly of Capitol Hill

The ongoing controversy surrounding the SOPA and PIPA anti-piracy bills in Congress has produced a lot of things: misunderstanding of what the bills would do; silly rhetoric from trade groups supposedly defending content creators; confusion on Capitol Hill; and a clear demonstration of how...

AI score: 7.1
Exploits: 0, References: 5
Packet Storm
added 2009/05/10 12:0 a.m., 24 views

Drupal 5.17 Cross Site Scripting

Drupal 5.17 Taxonomy Core Module Contains XSS Vulnerability. May 7, 2009. Version tested: Drupal 5.17. http://lampsecurity.org/drupal-taxonomy-vulnerability Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and supported b...

AI score: 7.4
Exploits: 0