29 matches found
CVE-2019-25500
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
EUVD-2019-19726
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
CVE-2019-25500
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
CVE-2019-25500
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
CVE-2019-25500
Simple Job Script is affected by an SQL injection in the employerid parameter of the register-recruiters endpoint. Attackers can send unauthenticated POST requests to manipulate queries, potentially exposing sensitive data (C: HIGH) and altering data (I: LOW). Affected vector is network with low ...
CVE-2019-25500 Simple Job Script SQL Injection via register-recruiters endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
CVE-2019-25500
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
CVE-2019-25500 Simple Job Script SQL Injection via register-recruiters endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
PT-2026-22955
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...
Phishing Attacks Against People Seeking Programming Jobs
This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article...
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence AI model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber...
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name...
Dark Web Roast - August 2025 Edition
Dark Web Roast - August 2025 Edition By Trellix Advanced Research Center · September 18, 2025 Executive Summary August 2025 delivered a masterclass in cybercriminal incompetence that would make amateur hour look professional. From racist social engineering recruiters who prioritize race over actu...
LinkedIn bots and spear phishers target job seekers
Microsoft's social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It's also a place where criminals go to find new potential victims. Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags...
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called Moreeggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading a...
North Korean Hackers Update BeaverTail Malware to Target MacOS Users
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea DPRK have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk...
TA4557 Targets Recruiters by Delivering Malware Disguised as Job Applicant
Summary: Threat actor TA4557 has been focusing on recruiters by posing as job applicants to distribute malware. While this approach is not unprecedented, there have been notable shifts in both technique and attack vectors compared to their previous methods. The attackers have demonstrated an...
Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor Access
By Waqas TA4557 is a financially motivated threat actor known to distribute the MoreEggs backdoor against recruiters on LinkedIn. This is a post from HackRead.com Read the original post: Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor Access...
OpenCATS Cross-Site Scripting Vulnerability (CNVD-2023-29368)
OpenCATS is a leading open source applicant tracking system for recruiters and companies. A security vulnerability exists in OpenCats v0.9.7. An attacker could use the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the state parameter of...
jobs.quantumrecruiters.net Cross Site Scripting vulnerability OBB-2881408
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...