87 matches found
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'auxtimeline' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.5.2 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons for Elementor Page Builder Lite...
Malicious code in @zalastax/nolb-ngo (npm)
The package @zalastax/nolb-ngo was found to contain malicious code...
MAL-2025-12516 Malicious code in @zalastax/nolb-ngo (npm)
The package @zalastax/nolb-ngo was found to contain malicious code...
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard aka Laundry Bear that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to...
WordPress SeedProd Pro plugin < 6.18.13 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ngô Thái An Patchstack Alliance in WordPress Plugin SeedProd Pro versions 6.18.13...
The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight
Welcome to this week's edition of the Threat Source newsletter. I am unbelievably lucky to do the work that I do. My title is technically 'Senior Security Strategist'. It's a very fancy title, but basically: I get to research threats with my colleagues and friends to keep people safe here at Talo...
Meta takes down more than 2 million accounts in fight against pig butchering
Meta provided insight this week into the company's efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Pig butchering scams are big business, with hundreds of millions of dollars involved every year. The...
WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by lowol ngo Patchstack Alliance in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.5...
WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin ElementsKit Pro versions = 3.6.0...
WordPress WP Delicious plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin WP Delicious versions = 1.6.7...
WordPress Element Pack Elementor Addons plugin <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via titletag vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Element Pack Elementor Addons versions = 5.7.6...
WordPress Blockspare plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Blockspare versions = 3.2.0...
Chinese Hackers Target Taiwan and US NGO with MgBot Malware
Organizations in Taiwan and a U.S. non-governmental organization NGO based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage,"...
WordPress Arkhe Blocks plugin 2.22.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Arkhe Blocks versions = 2.22.1...
WordPress Elementor Addons by Livemesh plugin <= 8.4.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Livemesh Addons for Elementor versions = 8.4.0...
WordPress DImage 360 plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin DImage 360 versions = 2.0...
WordPress Spectra plugin <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Spectra versions = 2.13.0...
WordPress PB MailCrypt plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin PB MailCrypt versions = 3.1.0...
WordPress Giphypress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Giphypress versions = 1.6.2...