CVE-2026-2720 Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services...

Exploring User Risk Factors and Target Groups for Phishing Victimization in Pakistan

Phishing attacks pose a significant cybersecurity threat globally. This study investigates phishing susceptibility within the Pakistani population, examining the influence of demographic factors, technological aptitude and usage, previous phishing victimization, and email characteristics. Data wa...

Unmasking Hidden Threats: Spotting a DPRK IT-Worker Campaign

Unmasking Hidden Threats: Spotting a DPRK IT-Worker Campaign By Duy-Phuc Pham and John Fokker · September 23, 2025 In today's complex threat landscape, staying ahead of sophisticated adversaries is paramount. Organizations face constant pressure to identify threats that do not always involve...

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

Since 2024, Microsoft Threat Intelligence has observed remote information technology IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the Democratic People’s Republic of Korea DPRK. Among the changes...

CVE-2024-24099

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update...

&#8220;This fraud destroyed my life.&#8221; Man ends up with criminal record after ID was stolen

This is a sad story that illustrates how losing your ID can effectively ruin your life and reputation. 19-year-old dual German Tunisian national Rami Battikh travelled to the UK in 2019, bringing both his passport and his German national ID. When he returned to Germany, Rami noticed that his Germ...

HealthTech Database Exposed 108GB Medical and Employment Records

A misconfigured database exposed 108.8 GB of sensitive data, including information on over 86,000 healthcare workers affiliated with…...

Background check provider data breach affects 3 million people who may not have heard of the company

Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. The attacker may have accessed over three million files containing...

Keep Your Tech Flame Alive: Akamai Trailblazer Elizabeth Padley

In this Akamai FLAME Trailblazer blog, Elizabeth Padley tells us that as an international employment lawyer in tech, she has learned to expect the unexpected...

CVE-2024-24099

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update...

CVE-2024-24099

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update...

Sql injection

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update...

CVE-2024-24099

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update...

Scholars Tracking System 安全漏洞

Scholars Tracking System is a scholars tracking system by the individual developer Fabian Ros. A SQL injection vulnerability exists in Scholars Tracking System version 1.0, which stems from a lack of validation of externally entered SQL statements when updating employment status information, and...

CVE-2024-24099

CVE-2024-24099 affects Code-projects Scholars Tracking System 1.0. Multiple sources (NVD, Red Hat, CNVD, CNVD-like entries, CVE list) describe a SQL Injection vulnerability in the Employment Status Information Update. Root cause: lack of validation for externally supplied SQL statements. Impact i...

CVE-2024-24099

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update...

PT-2024-20270 · Unknown · Code-Projects Scholars Tracking System

Name of the Vulnerable Software and Affected Versions: Code-projects Scholars Tracking System version 1.0 Description: The issue is related to SQL Injection under Employment Status Information Update. This allows for potential exploitation of the system's database. Recommendations: For...

X wants your biometric data

Users of X formerly Twitter paying for a checkmark under what used to be called Twitter Blue now X Premium have some biometric related decisions to make. The BBC reports that Elon Musk, having dismantled the old checkmark system to replace it with the all new Premium, is reintroducing identity...

X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation

X, the social media site formerly known as Twitter, has updated its privacy policy to collect users' biometric data to tackle fraud and impersonation on the platform. "Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes," the...