6 matches found
Polyfill Detected
The polyfill.js file is a popular open-source library to ensure old browsers compatibility when evaluating JavaScript code. Starting February 2024, the domain polyfill.io and the related GitHub account have been purchased by a malicious threat actor to inject malwares in all web applications...
Design/Logic Flaw
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...
CVE-2023-45821
Artifact Hub (artifacthub.io) has a vulnerability in the registryIsDockerHub check where the code only inspects the registry domain ending with docker.io, enabling credential hijacking by using a fake OCI registry on a domain that ends with docker.io. The issue affects how Docker credentials used...
Google Argentina domain bought by a random citizen for $5
By Deeba Ahmed A random Argentinian bought the official Google Argentina domain for just $5 and as a result, the site was offline in the country for hours. This is a post from HackRead.com Read the original post: Google Argentina domain bought by a random citizen for $5...
Fiserv Forgets to Buy Domain It Used as System Default
Fiserv, a multi-billion-dollar cybersecurity tech provider for financial institutions, forgot to buy the domain used as a default in their systems’ email communications, according to a report. The blunder could have exposed its clients’ user information to anyone with a few bucks to buy the domai...
FiercePhish - A Full-Fledged Phishing Framework To Manage All Phishing Engagements
FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notificati...