4933 matches found
Dissecting UAT-8099: New persistence mechanisms and regional focus
Cisco Talos has identified a new campaign by UAT-8099, active from late 2025 to early 2026, that is targeting vulnerable Internet Information Services IIS servers across Asia with a specific focus on victims in Thailand and Vietnam. Analysis confirms significant operational overlaps between this...
Rapid7 vs. Hive Pro: A Head-to-Head Comparison
Threat intelligence and Business context are the secret sauces that transform vulnerability management from a frantic game of whack-a-mole into a strategic, focused risk management and security practice. Without it, you’re just staring at a massive list of vulnerabilities with little to no contex...
Cybersecurity Predictions for 2026 Signal the Maturation of Risk-First Security Models
Key Takeaways Cyber risk management gets operationalized in 2026. Leading organizations move beyond visibility and frameworks to govern risk through prioritization, simulation, and deliberate action. Attack-path modeling matures into execution. Static views give way to dynamic, decision-driving...
MiracleLinux 9 : xorg-x11-server-Xwayland-22.1.9-5.el9 (AXSA:2024-8022:01)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8022:01 advisory. xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367 xorg-x11-server: out-of-bounds memory reads/writ...
Malicious Package
Overview focus-trap-v2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-3072
Malicious code in focus-trap-v2 npm...
Malicious code in focus-trap-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54f9667b65219caefb7d526b0ab3787b23c76689e9858e281ce10c5a744ffd10 The package focus-trap-v2 was found to contain malicious code. Source: ghsa-malware e80cecdd51ca03a6a75b249c73d4a4efda03c84e9bdc4a1ba3b2b66cbfd8c82d...
MAL-2026-285 Malicious code in focus-trap-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54f9667b65219caefb7d526b0ab3787b23c76689e9858e281ce10c5a744ffd10 The package focus-trap-v2 was found to contain malicious code. Source: ghsa-malware e80cecdd51ca03a6a75b249c73d4a4efda03c84e9bdc4a1ba3b2b66cbfd8c82d...
CVE-2023-29543
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2023-29534
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects...
CVE-2023-29538
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2023-29547
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...
CVE-2021-22505
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent...
CVE-2021-22523
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions...
CVE-2021-22514
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM...
CVE-2021-22507
Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access...
CVE-2021-22516
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager SAPIM product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file...
CVE-2021-22521
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges...
CVE-2021-22512
Cross-Site Request Forgery CSRF vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks...
CVE-2021-22500
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing...