Lucene search
K

47 matches found

Malwarebytes
Malwarebytes
added 2026/03/06 7:35 p.m.13 views

One click on this fake Google Meet update can give attackers control of your PC

A phishing page disguised as a Google Meet update notice is silently handing victims’ Windows computers to an attacker-controlled management server. No password is stolen, no files are downloaded, and there are no obvious red flags. It just takes a single click on a convincing Google Meet fake...

5.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/10/08 9:17 a.m.3 views

“Can you test my game?” Fake itch.io pages spread hidden malware to gamers

You get a message from a Discord friend. Or maybe an unknown indie developer reaches out to you. “Can you test my game?” they ask. The webpage they send over a link to looks legit: screenshots, dev blurb, itch.io-style layout, and the download button is right there, waiting to be clicked. The...

7.3AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52444

Malicious code in bioql PyPI...

4.5CVSS5AI score0.00541EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/29 10:56 p.m.3 views

CVE-2025-59948 FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to ...

6.7CVSS6.4AI score0.00307EPSS
Exploits1References3
OSV
OSV
added 2025/09/29 10:56 p.m.4 views

CVE-2025-59948 FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to ...

6.7CVSS6.8AI score0.00307EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.4 views

PT-2025-39918

Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS does not properly sanitize event handler attributes within feed content. This can lead to cross-site scripting XSS if a page renders feed entries without a Content Security Policy CSP. Th...

6.7CVSS5.9AI score0.00307EPSS
Exploits1References8
Gitee
Gitee
added 2025/09/14 5:35 p.m.99 views

pentest_compilation

It is an offensive tool for Windows. The repository contains a compilation of commands, tips, and scripts used for penetration testing and red teaming exercises. The provided code snippet is an XML file named "detalle.SettingContent-ms" located in the "Phishing" directory. This file appears to be...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 9:52 a.m.13 views

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

Threat hunters have exposed a novel campaign that makes use of search engine optimization SEO poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.6 views

CVE-2019-1010247

ZmartZone IAM modauthopenidc 2.3.10.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/modauthopenidc.c, Line: 3109. The fixed version is: 2.3.10.2...

6.1CVSS6.3AI score0.01274EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/01/21 5:45 a.m.6 views

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload,...

7.7AI score
Exploits0
OSV
OSV
added 2024/10/11 6:15 p.m.5 views

CVE-2024-9539

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to uplo...

4.3CVSS6.1AI score0.00615EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.5 views

PT-2024-7223 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server version 3.14.2 GitHub Enterprise Server version 3.13.5 GitHub Enterprise Server version 3.12.10 GitHub Enterprise Server version 3.11.16 Description: An information...

5.7CVSS6.7AI score0.00615EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2024/06/15 2:20 a.m.2 views

SUSE CVE-2024-5689

In addition to detecting when a user was taking a screenshot XXX, a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox 127...

4.3CVSS6.2AI score0.00398EPSS
Exploits0References4
OSV
OSV
added 2024/06/11 1:15 p.m.6 views

UBUNTU-CVE-2024-5689

In addition to detecting when a user was taking a screenshot XXX, a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox 127...

4.3CVSS7.3AI score0.00398EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/30 2:55 p.m.2 views

Mozilla: Phishing site popup could show local origin in address bar

The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...

4.3CVSS7.2AI score0.00333EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2024/01/11 6:10 a.m.34 views

Mandiant's X Account Was Hacked Using Brute-Force Attack

The compromise of Mandiant's X formerly Twitter account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service DaaS group. "Normally, two-factor authentication would have mitigated this, but due to some team transitions and a change in X...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/29 7:48 a.m.56 views

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2022/11/01 11:12 p.m.24 views

Khan Academy: xss due to incorrect handling of postmessages

Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...

7.1AI score
Exploits0
CNVD
CNVD
added 2022/09/29 12:0 a.m.21 views

mailcow redirect vulnerability

mailcow is a mail server suite. mailcow versions prior to 2022.09 contain a redirection vulnerability, which stems from the system's failure to reasonably handle target hops. An attacker could exploit the vulnerability by crafting a custom Swagger API template to spoof authorization links and...

8.2CVSS1.9AI score0.00614EPSS
Exploits1References1
OSV
OSV
added 2022/06/10 4:15 p.m.4 views

CVE-2022-30610

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Onc...

4.5CVSS6.1AI score0.00541EPSS
Exploits0References2
Rows per page
Query Builder