EUVD-2026-31809

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

PT-2026-43210

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...

EUVD-2018-17124

Malware in sbrugna...

EUVD-2019-3394

Malware in sbrugna...

EUVD-2025-31726

Malicious code in bioql PyPI...

EUVD-2022-49166

Malicious code in bioql PyPI...

CVE-2022-3255

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify...

CVE-2021-32503

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February]

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices...

Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks

DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence AI buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to...

NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors

Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders such as GHOSTPULSE, and various...

Microsoft Teams used in phishing campaign to bypass multi-factor authentication

Attackers believed to have ties to Russia's Foreign Intelligence Service SVR are using Microsoft Teams chats as credential theft phishing lures. Microsoft Threat Intelligence has posted details about the perceived attacks targeted at fewer than 40 unique global organizations. The targeted...

CVE-2021-4348 Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export

The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the exportsettings & importsettings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks suc...

Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...

Debian DSA-5385-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5385 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing. For th...

Unhandled SWF Tags in MP4Box: Potential Vulnerability in GPAC

An unhandled series of SWF tags have been identified in the MP4Box software, which is part of the GPAC multimedia framework. These tags are not properly processed, leading to potential vulnerabilities such as denial of service, buffer overflows, or other malicious attacks. POC: ./MP4Box -dash 100...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-075-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-075-01 advisory. - Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be...

Real-Time Defense of Multi-Cloud Environments From Malicious Attacks and Threats

Organizations today cannot detect real-time threats at runtime due to the multi-cloud infrastructure, resulting in the possibility of malicious actors exploiting the environment. It is imperative for the modern organization to have a solution to detect advanced run-time threats in real-time to...

TLS Connection Cryptographic Protocol Vulnerabilities

TLS is the backbone of encryption and key to ensuring data integrity, but its misconfiguration can leave your system vulnerable. Read on to discover how to secure your TLS connection and arm your organization against malicious attacks...

Huawei EMUI and HarmonyOS Security Bypass Vulnerability

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is to provide a full-scenario distributed operating system based on microkernel. A security bypass vulnerability exists in Huawei EMUI and HarmonyOS.The vulnerability is caused due to dynamic hiding and restoring...