16 matches found
MAL-2025-8478 Malicious code in @malware-test-baels-psoas-pions-drama/test-mlw3-baels-psoas-pions-drama (npm)
The package @malware-test-baels-psoas-pions-drama/test-mlw3-baels-psoas-pions-drama was found to contain malicious code...
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
A critical security flaw has been disclosed in the llamacpppython Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 CVSS score: 9.7, the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If...
AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain
By Waqas The Llama Drama vulnerability in the Llama-cpp-Python package exposes AI models to remote code execution RCE attacks, enabling attackers to steal data. Currently, over 6,000 models are affected by this vulnerability. This is a post from HackRead.com Read the original post: AI Python...
athensdrama.gr Improper Access Control vulnerability OBB-3831369
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’
The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse...
Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
The Babuk ransomware gang’s new rebrand isn’t going so well. It seems the cybercriminal group has been a victim of a ransomware attack of its own. Babuk’s latest endeavor, a Dark Web ransomware forum called RAMP, was crippled by a spammer over the weekend who overloaded the site with same-sex...
Trump's TikTok Drama Is a Distraction
As the White House zeroes in on a single app, some experts say more pressing issues are going by the wayside...
A week in security (December 2 – December 8)
Last week on Malwarebytes Labs, we took a look at a new version of the IcedID Trojan, described web skimmers up to no good, and took a deep dive into containerization. We also explored a report bringing bad news for organizations and insider threats, and threw a spotlight on a video game phish...
Hot Drama CMS v2.1 has a flawed logic vulnerability
Hot Drama CMS is a movie and TV station building system developed by PHP+MySQL. There is a logic flaw vulnerability in /admin/cm.php in Hot Drama CMS v2.1, which can be exploited by an attacker to log in to the administration background by modifying the cookie value...
XSS Vulnerability in Hot Drama CMS v2.1
Hot Drama CMS is a movie and TV station building system developed by PHP+MySQL. A stored xss injection vulnerability exists in /wap/book.php in Hot Drama CMS v2.1, which can be exploited by attackers to obtain an administrator cookie...
XSS Vulnerability in Le Wai Hot Drama CMS Website Builder System V2.1
Hot Drama CMS Movie & TV Station Building System is a fully automatic video collection website source code developed by PHP+MySQL. Le Wai Hot Drama CMS website builder system system V2.1 exists XSS vulnerability, attackers can use the vulnerability to obtain sensitive information such as user...
tayvan-drama.com XSS vulnerability
Open Bug Bounty ID: OBB-610487 Description| Value ---|--- Affected Website:| tayvan-drama.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
dramaonline.pk XSS vulnerability
Open Bug Bounty ID: OBB-607130 Description| Value ---|--- Affected Website:| dramaonline.pk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
dr.dk XSS vulnerability
Vulnerable URL: http://www.dr.dk/radio/drama-lydbog/lydbog/til""-den-bitre-ende Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 13:24 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3465 Google Pagerank| 7 VIP...
Dennis Fisher and Mike Mimoso Discuss the Apple and Adobe Zero Days, and More
Dennis Fisher and Mike Mimoso talk about all of the zero days that were dropped this week on Adobe and Apple, the Oracle backdoor drama and the upcoming Kaspersky Security Analyst Summit in Cancun. Then, Dennis calls Brian Donohue to talk about the wonders of the Blackhat movie and Brian’s dog...
Fox Sitcom Will Depict Pen Testing Firm
Hollywood is taking another crack at hacker culture – this time with a decidedly contemporary twist: a sitcom that will depict the zany doings of a group of security geeks who work as corporate penetration testers. The new show, breakingin, is scheduled to debut on April 6 and will star Christian...