58 matches found
CVE-2026-21908
Summary (CVE-2026-21908): A Use-After-Free in Juniper Networks Junos OS and Junos OS Evolved’s 802.1X daemon (dot1xd) can be triggered by a port bounce during a change in authorization (CoA). Successful exploitation could cause a crash (DoS) or potentially execute code with root privileges. Affec...
EUVD-2011-3809
Malware in sbrugna...
EUVD-2006-5936
Malware in sbrugna...
CVE-2011-3852
Cross-site scripting XSS vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Key Takeaways from the Take Command Summit 2025: Inside the Mind of an Attacker
In one of the most anticipated sessions of Take Command 2025, Raj Samani, Chief Scientist at Rapid7, sat down with Trent Teyema, former FBI Special Agent and President of CSG Strategies, for a candid conversation on how threat actors are evolving and what defenders must do to keep up. Moderated b...
CVE-2020-8868
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for thi...
Malicious code in evolve-base-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909d9bfde96cc057e1103d65d9b672ee44b67faf28bb4f4fb8fcbfd7877903d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Shopify says stolen customer data was taken in third-party breach
Shopify has denied a breach of its systems after a cybercriminal posted alleged Shopify customer details online. Shopify told BleepingComputer and other publications that the incident happened at a third party: "Shopify systems have not experienced a security incident. The data loss reported was...
Affirm says Evolve Bank data breach also compromised some of its customers
Buy now, pay later payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K, submitted to the Securities and Exchange Commission SEC, Affirm states: “Because the...
Evolve Bank Data Breach Puts Affirm Cardholders Info at Risk
Affirm cardholders beware! Data breach at Evolve Bank, the issuer of Affirm credit cards, may expose personal information.…...
A week in security (June 24 – June 30)
Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data m...
[updated] Federal Reserve “breached” data may actually belong to Evolve Bank
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBits dark web leak site, the group threatened to release over 30 TB of banking information containing Americans banki...
evolvenetwork.com.au Cross Site Scripting vulnerability OBB-3904730
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
evolve-entertainment.co.uk Cross Site Scripting vulnerability OBB-3851204
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
evolveit.ca Improper Access Control vulnerability OBB-3789126
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
academy.evolve-asia.com Open Redirect vulnerability OBB-3752733
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
evolve-designstudio.com Cross Site Scripting vulnerability OBB-3314473
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview evolve-runtime is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
evolve-gaming.be Cross Site Scripting vulnerability OBB-3154353
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in evolve-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f91172e8ea3922e0774dbdd5e55592c05035e0ea441f8064c3e163dd81dcd85e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...