EUVD-2025-102868

Malicious code in putri-ikan77-riris npm...

EUVD-2024-23464

Malicious code in bioql PyPI...

Leaked Shellter Elite Tool Now Fueling Infostealer Attacks Worldwide

A new report details how the advanced hacking tool Shellter Elite was leaked and is now being used…...

SquareX Reveals that Employees are No Longer the Weakest Link, Browser AI Agents Are

Palo Alto, California, 30th June 2025, CyberNewsWire...

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in...

CVE-2025-32870

creationtimestamp| type| source ---|---|--- 2025-04-16 18:44:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmxaptals42v 2025-04-16 20:48:39+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114349606118111826 2025-04-16 21:54:57+00:00| seen|...

Silverstripe Framework has a XSS vulnerability in HTML editor

Impact A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch...

CVE-2025-21222

creationtimestamp| type| source ---|---|--- 2025-04-08 16:14:25+00:00| seen| https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review 2025-04-08 17:47:04+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114303593614137081 2025-04-08 19:48:31+00:00| seen|...

Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week

In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within "OpenAI's ChatGPT…...

prettylittlefawn.com Cross Site Scripting vulnerability OBB-4036423

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-22537

creationtimestamp| type| source ---|---|--- 2025-01-09 16:17:21+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfd3c35tsp2d 2025-01-09 16:48:59+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113799419310916406...

CVE-2024-21899

creationtimestamp| type| source ---|---|--- 2024-03-08 18:26:57+00:00| seen| https://t.me/ctinow/203490 2024-03-08 18:32:03+00:00| seen| https://t.me/ctinow/203502 2024-03-10 08:00:37+00:00| seen| https://t.me/RussianOSINT/3820 2024-03-11 15:40:05+00:00| seen| https://t.me/truesecator/5506...

sharonmorgenstern.com Cross Site Scripting vulnerability OBB-2612091

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Details of an NSA Hacking Operation

Pangu Lab in China just published a report of a hacking operation by the Equation Group aka the NSA. It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers aka some Russian group. …the scope of victims exceeded 287 targets in 45 countries,...

Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses

The security stakes have never been higher and, consequently, the protection of endpoints as a key component of any extended detection and response XDR strategy has never been more critical—for organizations of all sizes. Microsoft is thrilled to be recognized as a Leader in IDC’s MarketScape...

A week in security (May 31 – June 6)

Last week on Malwarebytes Labs, we looked at an interesting trend in facial recognition technology—hint: its a slow fade, the latest ransomware attacks on JBS and Steamship Authority, Cobalt Strike, a Coronavirus phishing campaign, WhatsApp’s decision to not limit app functionalities for...

A week in security (April 12 – 18)

Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with us. We announced the release of the Malwarebytes SMB Cybersecurity Trust & Confidence Report 2021, a first-of-its-kind survey of the hardworking IT professionals on...

Court Ruling on Forensic Data Breach Reporting Flying Under the Radar

One thing that may have flown under the radar in recent weeks is that a court has ruled that Capital One must allow plaintiffs to review a cybersecurity firm’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. You can read mo...

A week in security (November 11 – 17)

Last week on Malwarebytes Labs, we offered statistics and information on a sneaky new Trojan malware for Android, inspected a bevy of current Facebook scams, and explained the importance of securing food and agriculture infrastructure. We also released our latest report on cybercrime tactics and...

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016...