Scammers Are Scamming Other Scammers Out of Millions of Dollars
On cybercrime forums, user complaints about being duped may accidentally expose their real identities...
Police Dismantle SIM Swapping Gang in Spain
By Habiba Rashid. Spanish Police confirmed that the SIM Swapping gang also used dark web forums to illegally obtain ID and credit card numbers through cryptocurrency purchases. This is a post from HackRead.com. Read the original post: Police Dismantle SIM Swapping Gang in Spain...
CVE-2022-44961
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
Cross site scripting
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
webTareas Cross-Site Scripting Vulnerability
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas version 2.4p5, which stems from a cross-site scripting (XSS) vulnerability found i...
Threat actors buy new BlueFox Stealer to exfiltrate data
A Russian-speaking user named distamx has been selling BlueFox Stealer as malware-as-a-service since December 2021. A subscription to the customizable malware costs $350 per month on underground forums...
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for...
phpfusion Authorization Issue Vulnerability
PHPFusion is an open source lightweight content management system based on MySQL and PHP, from the Malaysian company PHPFusion. The system contains modules for news, articles and forums. A security vulnerability exists in PHPFusion versions prior to 9.10.20, which stems from an unverified password change...
Network Access for Sale: Protect Your Organization Against This Growing Threat
Vulnerable network access points are a potential gold mine for threat actors who, once inside, can exploit them persistently. Many cybercriminals are not only interested in obtaining personal information but also seek corporate information that could be sold to the highest bidder. Infiltrating...
Revamped version of Redeemer Ransomware has been uncovered on Dark Web Forums
A new version of the free Redeemer ransomware has been discovered on hacker forums, providing inexperienced threat actors with an easy entry into the field of encryption-backed extortion campaigns. The new 2.0...
Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons
A malware-as-a-service (MaaS) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to...
Malicious code in vanillaforums (npm)
Source: ghsa-malware 04d4eaee162f329e9ff159b3516e322fa2820d4e1f5df77c9a39daa865055dab. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0
Impact: The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintex...
Hackers Selling US Colleges VPN Credentials on Russian Forums- FBI
By Waqas. The network credentials and VPN access information were mainly acquired through ransomware, spear-phishing, and other cyberattacks. According to… This is a post from HackRead.com. Read the original post: Hackers Selling US Colleges VPN Credentials on Russian Forums- FBI...
FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks
Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, cou...
GHSA-VXMV-74RF-VQGP Moodle Portfolio forum caller class allows a user to download any file
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
Moodle Incorrect sanitation of attributes in forums
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums...
GHSA-CJRF-XG77-CHPW Moodle Incorrect sanitation of attributes in forums
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums...
Low-rent RAT Worries Researchers
For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...