WordPress New Year Firework <=1.1.9 - Cross-Site Scripting

WordPress New Year Firework 1.1.9 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...

This Week in Spring - February 17th, 2026

Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's Lunar New Year or Chinese New Year for billions of people around the world and to those who celebrate, Happy Chinese/Lunar New Year 新年快乐! Or Happy Spring Festival 春节快乐! My favorite kind of festival! In honor ...

A Bootiful Podcast: Apache Tomcat legend Mark Thomas (Happy new year!)

In this episode, I talk with Mark Thomas, the legendary and highly prolific committer to Apache Tomcat. Happy New Year!...

curl: A quiet New Year wish for security researchers

Hi curl Security Team and fellow security researchers, Sorry in advance if this isn’t a traditional security report. I know your time is valuable, and I truly respect the work you all do. I just wanted to take a quiet moment to wish every security researcher here those who report issues, those wh...

EUVD-2016-1084

Malware in sbrugna...

A Bootiful Podcast: Dez Blanchfield, a tech legend for all ages

Hi, Spring fans! Happy happy = new Year2025! It's a new year and a new opportunity! In this episode I talk to my friend and legendary technologist Dez Blanchfield!...

North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware

A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said...

This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers,...

Korea In The Crosshairs

This blog post is authored by Warren Mercer and Paul Rascagneres and with contributions from Jungsoo An. A one year review of campaigns performed by an actor with multiple campaigns mainly linked to South Korean targets. Executive Summary This article exposes the malicious activities of Group 123...

Wordpress new-year-firework plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL. new-year-firework is one of the plug-ins for creating new campaigns. A cross-site scripting vulnerabilit...

CVE-2016-1000140

Reflected XSS in wordpress plugin new-year-firework v1.1.9...

Cross site scripting

Reflected XSS in wordpress plugin new-year-firework v1.1.9...

CVE-2016-1000140

Reflected XSS in wordpress plugin new-year-firework v1.1.9...

CVE-2016-1000140

The CVE-2016-1000140 entry concerns the WordPress plugin New Year Firework, affected

Threat Outbreak Alert RuleID23786: Email Messages Distributing Malicious Software on July 10, 2016

Medium Alert ID: 47040 First Published: 2016 July 11 14:54 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID23786 may contain the following files: Name | Siz...

New Year Firework <= 1.1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The new-year-firework WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/new-year-firework/firework/index.php?text="alert1;"...

Chinese New Year - For Kids - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Chinese New Year - For Kids published at the 'play' market has multiple vulnerabilities...

New Year Winter Party Girl - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application New Year Winter Party Girl published at the 'play' market has multiple vulnerabilities...

Chinese Food - Lunar New Year! - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Chinese Food - Lunar New Year! published at the 'play' market has multiple vulnerabilities...

Fireworks Bang New Year - Dynamic Code Loading, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Fireworks Bang New Year published at the 'play' market has multiple vulnerabilities...