34 matches found
Hosting Service Standards That Define High-Performing Agencies
There’s a quiet pattern among the agencies that consistently outperform their competitors. Their client retention rates are higher...
Ghost SQL injection vulnerability
Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...
Ghost cross-site scripting vulnerabilities
Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 5.43.0 to 5.12.04, as well as 6.0.0 to 6.14.0, have a cross-site scripting vulnerability. This vulnerability arises because specially crafted links may execute JavaScript, potentially leading to account...
Ghost authorization issue vulnerability
Ghost is a hosting service of Ghost Open Source. An authorization issue vulnerability exists in Ghost versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in Ghost's two-factor authentication mechanism that could cause a staff user to skip two-factor authentication f...
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organization...
MAL-2025-2510 Malicious code in imagehostingserv-paypal (npm)
Source: ghsa-malware f4b1e6e385a1d2e359dd57308046e8187ed7987b73c146261436e52073ba8d64 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-35221
CVE-2024-35221 targets Rubygems.org’s gem publishing workflow. A Gem publisher could trigger a Remote DoS by publishing a Gem whose metadata is parsed with Gem::Specification.from_yaml, which uses SafeYAML.load and permits YAML aliases, enabling YAML-bomb style DoS. The issue is documented as pat...
CVE-2024-4454
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to...
PT-2024-31167 · Withsecure · Withsecure Elements Endpoint Protection
Name of the Vulnerable Software and Affected Versions: WithSecure Elements Endpoint Protection (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part o...
CVE-2024-21654
CVE-2024-21654 affects Rubygems.org, the Ruby package hosting service. A flaw in the forgotten-password flow allows bypassing MFA, enabling account takeover. Root cause: a workaround in the password-reset form. Impact: high (CVE details indicate potential total compromise of an affected account)....
CVE-2023-40165
rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...
Input validation
rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...
Atmail cross-site scripting vulnerability
Atmail is an email hosting service from Atmail. It is used to ensure that customer email platforms are secure, stable, scalable and private. A security vulnerability exists in Atmail version 5.62, which stems from the presence of a cross-site scripting (XSS) vulnerability...
PT-2023-2103 · Microsoft · Onedrive For Macos +1
Name of the Vulnerable Software and Affected Versions: OneDrive for Windows (affected versions not specified); OneDrive for MacOS (affected versions not specified). Description: The issue is related to insufficient access restrictions in the file hosting service, which can be exploited by an attacker t...
Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects
A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target...
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection...
CVE-2021-41180 Geolocation preview links can be set to arbitrary links in nextcloud talk
Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open redirect, but required user interaction. This only...
Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia
Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu aka "Virus", the individual in question, was detained at the El Dorado airport in...
Satellite - Easy-To-Use Payload Hosting
Satellite is a web payload hosting service which filters requests to ensure the correct target is getting a payload. This can also be a useful service for hosting files that should be only accessed in very specific circumstances. Quickstart Guide 1. Install satellite on Ubuntu using the .deb fil...