15 matches found
[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop. According to...
CVE-2025-12252
A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-12252 code-projects Online Event Judging System action.php sql injection
A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
EUVD-2025-27164
Malicious code in bioql PyPI...
CVE-2024-3523 Campcodes Online Event Management System index.php sql injection
A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...
EventON < 2.2 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Create a new event. 2. In the "Eve...
Join us at InfoSec Jupyterthon 2022
Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center (SOC) tools. Sitting somewhere between scripting/macros and a full-blown development...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum, online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page...
Join us at InfoSec Jupyterthon 2021
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...
CVE-2021-42667
CVE-2021-42667 affects Sourcecodester Online Event Booking and Reservation System (version 2.3.0). The vulnerability is an SQL Injection in the event-management/views component, exploitable via the vulnerable id parameter on the USER page, enabling an attacker to manipulate SQL queries, potential...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking via Internet at SHIFT Business Festival in Finland, August 25-26, 2021. I’ll be speaking at an Informa event on September 14, 2021. Details to come. I’m keynoting CIISec Live—an all-online event—September 15-16, 2021. I...
SAS@Home is back this fall
The world during the pandemic prepares many surprises for us. Most of them are certainly unpleasant: health risks, inability to travel or meet old friends. One of these unpleasant surprises awaited us in the early spring, when the organizing team of the beloved SAS conference were forced to...
We Love Our Customers!
Here in the States, we often get our dry cleaning returned on hangers that say "We Love Our Customers." I once inadvertently brought one into the office back in the day, and our team displayed it prominently on a shelf, because it's true. Meeting with customers is the best part of my job here at...
Statement from Akamai Executive Vice President and GM, Media & Carrier, Adam Karon, on the 2020 NAB Show
Akamai fully supports and appreciates NAB's decision to put off the 2020 NAB Show. We recognize the weight of the decision and subsequent, wide-ranging ramifications that had to be considered. While we're disappointed to miss this annual opportunity to personally connect with customers, partners...
WebEvents: Online Event Registration Template Username Fields SQL INJECTION
A R I A - S E C U R I T Y WebEvents: Online Event Registration Template Username Field SQL Injection Vendor: http://www.codewidgets.com http://target.com/PATH/signin.aspx Username: admin Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria-security.net...