18 matches found
Violence-as-a-Service: Encrypted Apps Used in Recruiting Teens as Hitmen
European police, led by Denmark and Sweden, are arresting individuals in a crackdown on violence-as-a-service, where criminal groups recruit teenagers online for contract killings. Learn about Europol's OTF GRIMM task force and how they're fighting this disturbing trend...
CVE-2024-53741
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup simple-popup-plugin allows DOM-Based XSS. This issue affects Simple Popup: from n/a through <= 4.6...
PT-2025-5918 · Unknown · Garrett Grimm Simple Select All Text Box
Name of the Vulnerable Software and Affected Versions: Garrett Grimm Simple Select All Text Box versions 3.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that a...
CVE-2024-53741
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup simple-popup-plugin allows DOM-Based XSS. This issue affects Simple Popup: from n/a through <= 4.6...
CVE-2024-53741
CVE-2024-53741 concerns the WordPress plugin Simple Popup (versions
CVE-2024-53741 WordPress Simple Popup plugin <= 4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup simple-popup-plugin allows DOM-Based XSS. This issue affects Simple Popup: from n/a through <= 4.6...
CVE-2024-38689
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS. This issue affects Simple Popup: from n/a through 4.4...
CVE-2024-38689
CVE-2024-38689 is a stored XSS in the WordPress plugin Simple Popup by Garrett Grimm, affecting the plugin version range “from n/a through 4.4.” The root cause cited is improper neutralization of input during web page generation. The connected docs reiterate the vulnerability class and affected p...
CVE-2024-38689 WordPress Simple Popup plugin <= 4.4 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS. This issue affects Simple Popup: from n/a through 4.4...
CVE-2024-38689 WordPress Simple Popup plugin <= 4.4 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS. This issue affects Simple Popup: from n/a through 4.4...
marco-grimm.de Improper Access Control vulnerability OBB-3770608
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
grimm-portal.de Cross Site Scripting vulnerability OBB-3708531
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
grimm-heiz.ch Cross Site Scripting vulnerability OBB-3343038
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Update now! Netgear vulnerability patched
Netgear has released a fix for a vulnerability on several of their product models. The affected product models include extenders, routers, air cards, and modems. The vulnerability was discovered by researchers at GRIMM, but prior to the planned disclosure date, Netgear released a patch that fixed...
High-Severity RCE Flaw Disclosed in Several Netgear Router Models
Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-40847 (CVSS score: 8.1), the security weakness...
VMware Fusion USB Arbitrator Setuid Privilege Escalation Exploit
This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home...
grimm-gastrobedarf.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1039992. Security researcher g0bl1nsec (helped patch 3768 vulnerabilities; received 4 Coordinated Disclosure badges; received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting grimm-gastrobedarf.de...
Mac malware OSX.Proton strikes again
The hackers responsible for the Mac malware OSX.Proton have struck again, this time infecting a copy of the Elmedia Player app that was being distributed from the official Eltima website. At this time, it is still unknown how long their website was providing the hijacked app. Proton was silently...