8 matches found
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript .scpt file impersonating Maccy, a...
Incomplete List of Disallowed Inputs
Overview @astrojs/netlify is a Deploy your site to Netlify Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the conversion process of image.remotePatterns to Netlify Image CDN images.remoteimages regular expressions. An attacker can access image-like...
PT-2025-41398
Name of the Vulnerable Software and Affected Versions Juniper Networks Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3 Description A missing authentication check for a critical function in Juniper Networks Security Director Policy Enforcer allows an unauthenticated,...
Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware
Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by...
Platform Update Highlights for eCommerce
Akamai's October Platform Update offers a ton of new features for our customers across all industries. But if you're an online retailer, you should really be paying attention to improvements to EdgeWorkers and Image & Video Manager, which provide expanded capabilities for creating new microservic...
Telegraph delivers better experience with Image Manager
The Telegraph Media Group TMG is a multi-media news publisher and its titles include The Daily Telegraph, The Sunday Telegraph and The Telegraph website. Today, its site serves more than 380 million pages to over 84 million unique visitors every month across the globe, featuring on average about...
chromium-browser: CSP bypass in unspecified component
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy CSP restrictions by providing an image from an unintended source...
PYSEC-2015-38
OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them, a different...