
1491 matches found

RedhatCVE
added 2025/05/22 6:2 a.m. | 4 views

CVE-2012-6555

Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title...

CVSS 4.3 | AI score 6 | EPSS 0.00341
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:19 a.m. | 3 views

CVE-2011-1009

Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.0023
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:49 a.m. | 6 views

CVE-2010-4266

In Vanilla Forums before 2.0.10, a potential linkbait vulnerability was found in dispatcher...

CVSS 6.1 | AI score 6.9 | EPSS 0.00197
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:57 p.m. | 3 views

CVE-2005-2228

Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum...

CVSS 5 | AI score 7 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 7:38 p.m. | 5 views

CVE-2006-5603

SQL injection vulnerability in popmail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

CVSS 9.8 | AI score 8.5 | EPSS 0.01364
Exploits: 1 | References: 1

Packet Storm News
added 2025/04/26 12:0 a.m. | 4 views

The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence

Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence (CTI), such as indicators of compromise, tactics, techniques, and procedures (TTPs), or threat feeds from various sources: open source data e.g., social networks, internal...

AI score 6.6
Exploits: 0

The Hacker News
added 2025/04/11 10:30 a.m. | 15 views

Initial Access Brokers Shift Tactics, Selling More for Less

What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like soci...

AI score 7.2
Exploits: 0

Rapid7 Blog
added 2025/04/02 1:0 p.m. | 14 views

A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Co-authored by Yaniv Allender and Anna Sirokova. Introduction: Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...

AI score 7.1
Exploits: 0

Hacker One
added 2025/02/05 10:18 a.m. | 1346 views

Autodesk: Stored XSS via Post Tittle Enabling Non-Privileged User to Privileged User Exploitation on https://forums.autodesk.com/

A stored cross-site scripting (XSS) vulnerability was found on Autodesk Forums. The vulnerability allowed an attacker to inject malicious JavaScript code when viewed by both non-privileged and privileged users. The vulnerability was fixed by Autodesk...

AI score 5.6
Exploits: 0

Circl
added 2025/02/05 9:19 a.m. | 2 views

CVE-2023-52924

creationtimestamp | type | source
---|---|---
2025-02-05 09:19:05+00:00 | seen | https://infosec.exchange/users/cve/statuses/113950532906464739
2025-02-05 09:23:51+00:00 | seen | https://infosec.exchange/users/cve/statuses/113950551622532897
2025-02-05 10:15:39+00:00 | seen | ...

CVSS 5.5 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 5

Krebs on Security
added 2025/02/04 5:9 p.m. | 64 views

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent...

AI score 7.2
Exploits: 0

Malwarebytes
added 2025/01/31 4:50 p.m. | 15 views

Cybercrime gets a few punches on the nose

It’s not often that we get to share good news, so we wanted to grab this opportunity and showcase some progress made by law enforcement actions against cybercrime with you. Europol notified us about the take-down of two of the largest cybercrime forums in the world. With over 10 million users,...

AI score 7.2
Exploits: 0

HackRead
added 2025/01/30 1:50 a.m. | 11 views

Operation Talent: FBI Seizes Nulled.to, Cracked.to, Sellix.io and more

The FBI has seized Nulled.to, Cracked.to, Sellix.io, and StarkRDP.io in Operation Talent, targeting cybercrime forums and illicit marketplaces...

AI score 7.3
Exploits: 0

HackRead
added 2025/01/29 7:31 p.m. | 19 views

FBI Seizes Leading Hacking Forums Cracked.io and Nulled.to

Nulled.to, Cracked.to and Cracked.io, major hacking forums, appear seized by the FBI as DNS records point to FBI...

AI score 7.3
Exploits: 0

Malwarebytes
added 2025/01/15 1:39 p.m. | 4 views

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Table of contents: Overview; Criminals impersonate Google Ads; Lures hosted on Google Sites; Phishing for Google account credentials; Victimology; Who is behind these campaigns?; Fuel for other malware and scam campaigns; Indicators of Compromise. Overview: Online criminals are targeting individuals and...

AI score 7.3
Exploits: 0

Krebs on Security
added 2024/12/04 2:8 p.m. | 5 views

U.S. Offered $10M for Hacker Just Arrested by Russia

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 millio...

AI score 6.9
Exploits: 0

Krebs on Security
added 2024/11/09 7:20 p.m. | 11 views

FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to...

AI score 7
Exploits: 0

Vulnrichment
added 2024/11/01 4:22 p.m. | 18 views

CVE-2024-51492 Zusam vulnerable to stored XSS, allowing token theft via crafted SVG

Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...

CVSS 8.8 | AI score 6.5 | EPSS 0.00317
Exploits: 0 | References: 4

CNNVD
added 2024/11/01 12:0 a.m. | 1 views

Zusam cross-site scripting vulnerability

Zusam is a free and open-source application used to host private forums. A cross-site scripting vulnerability exists in versions of Zusam prior to 0.5.6, which stems from a specially crafted SVG file that allows unrestricted script execution when uploaded as an image to t...

CVSS 8.8 | AI score 6.2 | EPSS 0.00317
Exploits: 0 | References: 4

ICS
added 2024/10/16 12:0 p.m. | 49 views

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Summary: The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate's Australian Cyber Security...

CVSS 10 | AI score 8.3 | EPSS 0.9438
Exploits: 75 | References: 90