Lucene search

12 matches found

RedhatCVE
added 2026/01/09 9:32 a.m. | 14 views

CVE-2024-39033

In Newgensoft OmniDocs 11.0SP103006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen...

7.5 CVSS | 6.8 AI score | 0.00327 EPSS
Exploits: 0 | References: 1

hivepro
added 2024/02/20 11:9 a.m. | 12 views

Novel Smishing Kit Leverages Cloud Platform

Summary: SNS Sender, a malicious Python script that leverages AWS SNS for mass SMS spamming, presents a novel approach to cloud-based attack tools, particularly in the area of smishing. The ARDUINODAS threat actor is linked to the operation that uses this cloud capability to send out a lot of...

6.8 AI score
Exploits: 0

The Hacker News
added 2024/02/16 10:49 a.m. | 31 views

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS). The SMS phishing messages are designed to propagate malicious links that are designed to capture victims'...

9.8 CVSS | 9.5 AI score | 0.12661 EPSS
Exploits: 0

Malwarebytes
added 2023/06/05 2:0 p.m. | 23 views

Information stealer compromises legitimate sites to attack other sites

Security researchers at Akamai have published a blog about a new Magecart-alike web skimming campaign that uses compromised legitimate sites as command and control (C2) servers. A web skimmer is a piece of malicious code embedded in web payment pages to steal personally identifiable information (PII)...

7 AI score
Exploits: 0

Malwarebytes
added 2022/06/08 1:5 p.m. | 20 views

SSNDOB stolen data marketplace shut down by global law enforcement operation

The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information (PII). Not just any old marketplace; this was a major, years-long operation with several failsafes to prevent permanent takedown. It took quite the...

0.4 AI score
Exploits: 0

Cvelist
added 2021/05/05 6:39 p.m. | 17 views

CVE-2021-24249 Business Directory Plugin < 5.11.2 - Arbitrary Listing Export

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as...

6.6 AI score | 0.00708 EPSS
Exploits: 2 | References: 1

ThreatPost
added 2020/08/27 2:0 p.m. | 24 views

Magecart’s Success Paves Way For Cybercriminal Credit Card 'Sniffer' Market

The Magecart threat group has dominated headlines for its use of malicious JavaScript code, which is injected into e-commerce websites to exfiltrate customer payment card data. But new research points to a growing industry on underground forums where so-called “sniffers” are being advertised, sol...

6.3 AI score
Exploits: 0 | References: 10

ThreatPost
added 2020/01/21 10:7 p.m. | 60 views

16Shop Phishing Gang Goes After PayPal Users

A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information (PII) a...

7.3 AI score
Exploits: 0 | References: 5

ThreatPost
added 2019/05/09 9:7 p.m. | 78 views

Chinese Hackers Behind 2015 Anthem Data Breach Indicted

Two Chinese nationals have been charged in the massive 2015 data breach of health insurer Anthem that impacted more than 78 million people. Fujie Wang, 32, and another Chinese man, who remains unnamed, were allegedly part of a China-based hacking group that was behind the breach of Indiana-based...

1.1 AI score
Exploits: 0 | References: 9

Hacker One
added 2018/10/25 3:49 p.m. | 19 views

U.S. Dept Of Defense: Admin panel take over | User info leakage | Mass Compromise

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...

0.1 AI score
Exploits: 0

Trend Micro Simply Security
added 2018/06/29 1:39 p.m. | 41 views

This Week in Security News: Rules and Regulation

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, House lawmakers approved legislation for securing technology used to power critical infrastructures from cyberattacks. Read on to learn more...

0.2 AI score
Exploits: 0

Hacker One
added 2018/03/09 8:29 p.m. | 18 views

U.S. Dept Of Defense: Publicly accessible Order confirmations leaking User Emails on ███

Summary: I noticed that a user's order confirmation was publicly accessible, leaking email information. Description: An attacker can glean sensitive information that is stored in the order confirmation file. Impact: Medium. Step-by-step Reproduction Instructions...

0.7 AI score
Exploits: 0