8 matches found
EUVD-2016-6692
Malware in sbrugna...
EUVD-2021-26955
Malware in sbrugna...
EUVD-2024-33129
Malicious code in bioql PyPI...
HAX CMS application pages vulnerable to clickjacking
Summary: All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC: To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...
nbgrader's `frame-ancestors: self` grants all users access to formgrader
Impact: Enabling `frame-ancestors: 'self'` grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomains = False. 1915 disables a protection which would...
Geek.com Hacked, Found Hosting Exploit Kit
The security geeks at Geek.com were busy this weekend, after Web security firm Zscaler found evidence that an exploit kit was using malicious iframe attacks to try to attack visitors to the company’s Web site, according to a Zscaler report Sunday. A post on the web security firm’s blog indicated...
Cyber Fraud: Tactics, Techniques and Procedures
Gone are the days when those BlackHat hackers would tickle you for fun. Now they will poke you and take your diamonds without you even knowing anything about it until it's too late. The landscape in the cyber underground has completely changed since then, making it more like well organized business...
Amnesty International Site Found Hosting Malware, IE Zero Day
Researchers at security firm Websense have found that Amnesty International’s Hong Kong site, amnesty.org.hk, is serving up a cocktail of malware that includes last week’s Internet Explorer 0-day. Visitors to the human rights organization’s site operating versions 6 and 7 of IE are being targeted...