75 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dm cache: Prevent a BUG by blocking retries on devices where a failed resume operation occurred. A cache device that fails to resume due to mapping errors should not be retried, as the failure leaves a partially initialized polic...
CVE-2026-7071 CodeAstro Online Job Portal user-cvs file information disclosure
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010820)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010820 advisory. In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blocking retries on failed device resumes. A cache device failing to...
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails...
Deepfakes, AI resumes, and the growing threat of fake applicants
Recruiters expect the odd exaggerated resume, but many companies, including us here at Malwarebytes, are now dealing with something far more serious: job applicants who aren't real people at all. From fabricated identities to AI-generated resumes and outsourced impostor interviews, hiring pipelin...
DomeWatch Leak Exposed Personal Data of Capitol Hill Applicants
Unsecured House Democrats' resume bank DomeWatch exposed 7,000 records, including PII and "top secret" clearance status, raising identity theft fears...
North Korean Scammers Are Doing Architectural Design Now
New research shows that North Koreans appear to be trying to trick US companies into hiring them to develop architectural designs using fake profiles, résumés, and Social Security numbers...
EUVD-2022-34812
Malicious code in bioql PyPI...
CVE-2025-48869
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
CVE-2025-48869 Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
CVE-2025-48869
Horilla HRMS v1.3.0 is affected by a broken access control vulnerability that allows unauthenticated users to retrieve uploaded resume files by guessing or predicting file URLs. Files reside in a publicly accessible directory, enabling disclosure of sensitive candidate information without authent...
Horilla access control error vulnerability
Horilla is a free and open source human resources software from Horilla, Inc. An access control error vulnerability exists in Horilla version 1.3.0 that originates from an unauthenticated user being able to access an uploaded resume file by guessing or predicting the file URL, which could result ...
Leaked ChatGPT Chats: Users Treat AI as Therapist, Lawyer, Confidant
Leaked ChatGPT chats reveal users sharing sensitive data, resumes, and seeking advice on mental health, exposing risks of…
dm cache: prevent BUG_ON by blocking retries on failed device resumes
...
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs. "By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group...
CVE-2024-13372
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid and getallresumefiles functions due to missing validation on a us...
CVE-2018-20519
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal=ajaxsavebasic pid parameter...
CVE-2024-7762
The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes...