13 matches found
EUVD-2020-12730
Malware in sbrugna...
EUVD-2020-18801
Malware in sbrugna...
EUVD-2023-50913
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-28184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs ...
CVE-2020-1903
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received...
PT-2024-22317 · Unknown · Weasyprint
Name of the Vulnerable Software and Affected Versions: WeasyPrint versions 61.0 through 61.1. Description: WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, ev...
CVE-2023-46743
Affected: application-collabora (Collabora Online integration in XWiki). Issue: when a user opens an attachment in edit mode, the userCanWrite result was cached on the Collabora server, causing the edit-right to persist for subsequent users even if they have only view rights. Consequence: the sam...
MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics
The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan,...
Highly Sophisticated Parasite RAT Emerges on the Dark Web
Researchers are tracking a remote access trojan (RAT) on underground markets that, so far, has only been attributed to one small malicious email campaign. However, the RAT, dubbed Parasite HTTP by the Proofpoint researchers that discovered it, has an impressive list of sophisticated features –...
Security Bulletin: Information disclosure in IBM Business Process Manager (BPM) V8.5 document attachments search (CVE-2014-4759)
Summary: IBM BPM document attachment queries can return document properties that contain sensitive information. Vulnerability Details: CVE ID: CVE-2014-4759. Description: An Ajax service that is shipped with the Content Management toolkit allows users to search for IBM BPM document attachments from...
Sanny Malware Updates Delivery Method
The group behind Sanny malware attacks has made significant changes to the way it delivers its payload. According to new research by FireEye, the attackers have upgraded their delivery techniques when it comes to planting malware on systems via document attachments sent as part of spam and...
Coremail Cross-Site Scripting Vulnerability
Coremail mail system is a large-scale enterprise mail system independently developed by the company. A cross-site scripting vulnerability exists in Coremail XT3.0, which allows remote attackers to inject arbitrary Web script or HTML via hyperlinks in document attachments...
iSpy Keylogger Targets Passwords, Skype, Webcams
Researchers are monitoring sales and infection rates of a new keylogger being sold on the dark web for $25 to $35. Along with capturing keystrokes, iSpy grabs passwords stored in web browsers, records Skype chats, takes webcam screenshots and steals the license keys of software such as Adobe...