8 matches found
keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
EUVD-2026-39476
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
CVE-2026-9083
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
Planned Parenthood Breach Opens Patients to Follow-On Attacks
Planned Parenthood’s Los Angeles PPLA division has been hacked, with cyberattackers making off with sensitive personal health information for at least 400,000 patients. In a data-breach notice PDF filed with the state of California, the organization said that it had detected the intrusion on Oct...
A guide to combatting human-operated ransomware: Part 2
This blog is part two of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. In part one of this bl...
CVE-2019-19283
A vulnerability has been identified in XHQ All Versions 6.1. The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place...
Purveyor of Cracked Netflix, Hulu, Spotify Accounts Arrested
A Sydney man has been arrested after allegedly selling hundreds of thousands of compromised account details for subscription streaming services, including for Netflix, Hulu and music streaming service Spotify – raking in about $212,000 $300,000 AUD in profit in the process. The Australian Federal...
Adult Website Hack Exposes 1.2M ‘Wife Lover’ Fans
The database underlying an erotica site known as Wife Lovers has been hacked, making off with user information protected only by a simple-to-crack, outdated hashing technique known as the DEScrypt algorithm. Over the weekend, it came to light that Wife Lovers and seven sister sites, all similarly...