30 matches found
EUVD-2025-19277
Malicious code in bioql PyPI...
CVE-2025-31428
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through = 2.8...
CVE-2025-31428
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through = 2.8...
CVE-2025-31428 WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through = 2.8...
CVE-2025-31428 WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through = 2.8...
CVE-2025-31428
CVE-2025-31428 describes an unpatched Reflected Cross-Site Scripting (XSS) in the BuddhaThemes HYDRO WordPress theme (versions n/a through 2.8). The vulnerability arises from improper neutralization of user input during web page generation, enabling an attacker to inject scripts via a reflected p...
PT-2025-27098 · Buddhathemes · Buddhathemes Hydro
Name of the Vulnerable Software and Affected Versions: BuddhaThemes HYDRO versions n/a through 2.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inje...
WordPress plugin HYDRO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme HYDRO versions = 2.8...
Ecuador Is Literally Powerless in the Face of Drought
Drought-stricken hydro dams have led to daily electricity cuts in Ecuador. As weather becomes less predictable due to climate change, experts say other countries need to take notice...
hydro-1.net Cross Site Scripting vulnerability OBB-3790566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hydro-m.com Cross Site Scripting vulnerability OBB-3623960
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hydro-1.net Cross Site Scripting vulnerability OBB-3430488
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware
A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zurich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegi...
hydro-flex.pl Cross Site Scripting vulnerability OBB-2871672
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
A week in security (Oct 25 – Oct 31)
Last week on Malwarebytes Labs Beyond the VPN: Ultimate online privacy with the Tor Project’s Isabela Bagueros: Lock and Code S02E20 Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates How social media mistakes can impact cybersecurity Update now! Apple patches bugs in iO...
Norsk Hydro responds to ransomware attack with transparency
Last March, aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware. The attack began with an infected email and locked the files on thousands of servers and PCs. All 35,000 Norsk Hydro employees across 40 countries were affected. In the throes of this crisis, executives ma...
Insurance Pays Out a Sliver of Norsk Hydro's Cyberattack Damages
On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage. Overall, the Oslo, Norway-based company incurred between $60 million to $71 million in damages from the incident, which forced it to...
Malware targeting industrial plants: a threat to physical security
We live in a world where more and more manufacturing processes are controlled by computers that send instructions to robots. This might sound like a safe and efficient way of work, as it rules out human error, but what happens when a threat actor decides to target production servers? Consider the...
Cyber Security Week in Review (March 28)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. Top headlines this week ASUS had to release an emergency fix for a malware that may have accidentally deployed to their machines. Attackers may have...