69 matches found
EUVD-2026-38666
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen
A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident...
Instagram’s “17 Million User Data Leak” Was Just Scraped Records from 2022
Instagram’s 17 million user data leak wasn’t a new breach - Hackread.com's in-depth analysis shows it was scraped in 2022, leaked in 2023, and falsely repackaged in 2026...
Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches
An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions...
EUVD-2020-29672
Malware in sbrugna...
EUVD-2020-29673
Malware in sbrugna...
EUVD-2024-49922
Malicious code in bioql PyPI...
Lawsuit About WhatsApp Security
Attaullah Baig, WhatsApp's former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower...
Signal Blocks Windows Recall
This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data...
CVE-2024-9410
Ada.cx's Sentry configuration allowed for blind server-side request forgeries SSRF through the use of a data scraping endpoint...
Automated Profile Inference with Language Model Agents
Impressive progress has been made in automated problem-solving by the collaboration of large language models LLMs based agents. However, these automated capabilities also open avenues for malicious applications. In this paper, we study a new threat that LLMs pose to online pseudonymity, called...
Posts scraped data to IP address associated with other malware distribution attacks.
Published in 2021, the imblog package is a Python librarythat scrapes data from a blog page to an IP address associated with other malware distribution attacks...
How Is API Abuse Different from Web Application Attacks by Bots?
API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...
CVE-2024-9410
Ada.cx's Sentry configuration allowed for blind server-side request forgeries SSRF through the use of a data scraping endpoint...
CVE-2024-9410
Ada.cx's Sentry configuration allowed for blind server-side request forgeries SSRF through the use of a data scraping endpoint...
CVE-2024-9410 Ada.cx SSRF via Sentry Misconfiguration
Ada.cx's Sentry configuration allowed for blind server-side request forgeries SSRF through the use of a data scraping endpoint...
CVE-2024-9410 Ada.cx SSRF via Sentry Misconfiguration
Ada.cx's Sentry configuration allowed for blind server-side request forgeries SSRF through the use of a data scraping endpoint...
CVE-2024-9410
CVE-2024-9410 describes a SSRF vulnerability in Ada.cx’s Sentry configuration, exploitable via a data scraping endpoint. Affected component: Ada.cx platform with Sentry integration; root cause: misconfiguration allowing blind SSRF through the data scraping/data capture endpoint. Reported impact: ...
PT-2024-39615 · Ada.Cx · Ada.Cx
Name of the Vulnerable Software and Affected Versions: Ada.cx affected versions not specified Description: The issue concerns a blind server-side request forgery SSRF vulnerability in Ada.cx's Sentry configuration. This vulnerability is exploited through a data scraping endpoint, allowing for SSR...
Stolen data from scraping service National Public Data leaked online
Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes from a data scraping service trading under the name “National Public Data” which was allegedly breached by a cybercriminal group by the name of...