402 matches found
EUVD-2021-26923
Malware in sbrugna...
EUVD-2021-16230
Malware in sbrugna...
EUVD-2018-5740
Malware in sbrugna...
EUVD-2023-27677
Malicious code in bioql PyPI...
EUVD-2022-1795
Malicious code in bioql PyPI...
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...
North Korean Hackers Stole $88M by Posing as US Tech Workers
Flashpoint uncovers how North Korean hackers used fake identities to secure remote IT jobs in the US, siphoning…...
The IT help desk kindly requests you read this newsletter
Welcome to this week's edition of the Threat Source newsletter. Authority bias is one of the many things that shape how we think. Taking the advice of someone with recognized authority is often far easier and usually leads to a better outcome than spending time and effort in researching the...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy denial of service vulnerability (CVE-2024-45810).
Summary Potential Envoy denial of service vulnerability CVE-2024-45810 has been identified that affects IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2024-45810 DESCRIPTION: Envoy is vulnerable to ...
Navigating the Future: Key IT Vulnerability Management Trends
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify...
CVE-2025-22313
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through = 3.0...
CVE-2024-11722
creationtimestamp| type| source
---|---|---
2024-12-21 09:27:25+00:00| seen| https://infosec.exchange/users/cve/statuses/113690099366421366
2024-12-21 10:15:20+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso77bld625
2024-12-21 11:59:19+00:00| seen|...
How to Automate the Hardest Parts of Employee Offboarding
According to recent research on employee offboarding, 70% of IT professionals say they've experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn't deprovisioned, a surprise bill for resources that aren't in use anymor...
What is an Infosec Audit and Why Does Your Company Need One?
By Uzair Amir. Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com. Read the original post: What is an Infosec Audit and Why Does Your Company Need One?...
Achieve Security Compliance with Wazuh File Integrity Monitoring
File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of FI...
CVE-2023-48710
iTop is an IT service management platform. Files from the env-production folder can be retrieved even though they should have restricted access. Hopefully, there are no sensitive files stored in that folder natively, but there could be from a third-party module. The pages/exec.php script has been...
Solar-Log 200 PM+ 3.6.0 Cross Site Scripting
Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Date: 10-30-23 Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS
Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Date: 10-30-23 Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS Vulnerability
Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...