45 matches found
CVE-2025-9909
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management RMM software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing...
Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data...
EUVD-2017-3670
Malware in sbrugna...
EUVD-2022-7348
Malicious code in bioql PyPI...
SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning
Federated Learning FL has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges, notably the threat of backdoor attacks. Existing backdoor strategies predominantly rely on end-to-end label...
CVE-2019-19642
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
BIT-DOLIBARR-2022-4093 SQL Injection in dolibarr/dolibarr
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...
Malicious code in ethchained (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec2d7a0486fc07b92c872693b5b7ff68caeb51129ed60fdeb32a6913811a91df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 CVSS score: 9.1, which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...
CVE-2022-4093 SQL Injection in dolibarr/dolibarr
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...
Malicious code in irmraf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79003d7e88777d58f2bf060d4f054d2527e6c4ff77d970645be62920969ee1ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in acs-ui-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7eb198d76eddd8c49bac72bea49559b8d349e2d762170f0312a5ff9736969a0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...
SuperMicro X8STi-F Operating System Command Injection Vulnerability
The SuperMicro X8STi-F is a computer motherboard from SuperMicro USA. An operating system command injection vulnerability exists in the Virtual Media feature in the SuperMicro X8STi-F with IPMI firmware version 2.06 and BIOS version 02.68. An attacker can exploit this vulnerability to obtain a...
Command injection
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
CVE-2019-19642
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by...
Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by...