151 matches found
CVE-2023-40178 @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...
Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability
Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable...
Fake ChatGPT and AI pages on Facebook are spreading infostealers
By Habiba Rashid Some of the pages have millions of likes on them, suggesting that this is a large-scale scam. This is a post from HackRead.com Read the original post: Fake ChatGPT and AI pages on Facebook are spreading infostealers...
Massive Targeted Exploit Campaign Against WooCommerce Payments Underway
The Wordfence Threat Intelligence team has been monitoring an ongoing exploit campaign targeting a recently disclosed vulnerability in WooCommerce Payments, a plugin installed on over 600,000 sites. Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14...
[SECURITY] Fedora 37 Update: trafficserver-9.2.1-1.fc37
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
Malicious code in esqguipostpost (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 952d1092de695c775af7b366bca295a8f1a982c7fc1de3c4e7e8cec6ab362c97 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfgrandccintel (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0e4c6f913eb225305d286b2fcc7910c2879680cf572cd5eac526f11722c2012c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-cchttp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0b88c65358ea2e0f03b3f45be2f0bb0eac44db5f4e539868b79c23fab88e1a81 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqlgtbvm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 77119cb7f39ab9592c44ff7cd703435046b12fa0bfb98e04a75acd1e271e7f79 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-pongedvirtual (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4980d2e16244acc0a1432ab27afa0a53ef43e9339648c6c05f9b57d95ab9c7d4 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in libintelcv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 52a489a49d2e65effd9ae754a9849fbf4f2f83741d9e0359039e617f8cca7f3a EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in cvad (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx de47fa92ba2486938748c5abc85aae94d41007d66399a18526975e5bdd6f4617 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in websocet-client (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx def6cdda3e16e392e575914ced25e522c3bcb3ca50d8228652a805cc7ee4ae51 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in sellenium (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 011843a4839c4407ebe20f622a86ded0b7bbb58b21e4dda29907cb1f70809892 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in vyepr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx eba3759027a37d4a8a114fdabc180c3a9b593ec0954011af8067fcf100664824 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
42,000 phishing domains discovered masquerading as popular brands
By Deeba Ahmed According to researchers, this scam is highly sophisticated and large-scale, targeting brands like McDonald’s, Unilever, Emirates, Knorr, Coca-Cola, etc. This is a post from HackRead.com Read the original post: 42,000 phishing domains discovered masquerading as popular brands...
Guangzhou Bainan Information Technology Co., Ltd. has a flawed logic vulnerability in its large instrument sharing management system
Large-scale instrument sharing management system is a company engaged in the design, development, production and integration services of laboratory information technology products. Guangzhou Bainan Information Technology Co., Ltd. has a logic flaw vulnerability in the large instrument sharing...
Uber Hack – Ride-hailing Giant Investigating Large-Scale Data Breach
By Waqas Unconfirmed reports claim an 18-year-old kid is behind the massive Uber hack. This is a post from HackRead.com Read the original post: Uber Hack - Ride-hailing Giant Investigating Large-Scale Data Breach...
[updated] Thousands of Zimbra mail servers backdoored in large scale attack
Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite ZCS email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...
Apache Hive Authorization Issues Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...