Lucene search
K

13 matches found

The Hacker News
The Hacker News
added 2026/03/03 9:20 a.m.9 views

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of...

6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/06 4:23 p.m.5 views

Malicious code in ssf-desktop-api-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5940c26ac6aa2f9c3682f4d383922757d2d5c361b5a70140ca289eabe304be8d The package ssf-desktop-api-browser was found to contain malicious code. Source: ossf-package-analysis...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-52529

Malicious code in bioql PyPI...

6.5CVSS6.9AI score0.0085EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.30 views

Rocky Linux 8 : unbound (RLSA-2022:7622)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7622 advisory. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by...

6.5CVSS6.9AI score0.0085EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2022/11/19 12:0 a.m.38 views

AlmaLinux 9 : unbound (ALSA-2022:8062)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8062 advisory. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by...

6.5CVSS6.9AI score0.0085EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/11/15 2:40 p.m.7 views

unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names

A flaw was found in Unbound, which is vulnerable to a novel type of "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates...

6.5CVSS5.7AI score0.0085EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/11/12 12:0 a.m.74 views

AlmaLinux 8 : unbound (ALSA-2022:7622)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7622 advisory. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by...

6.5CVSS6.9AI score0.0085EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/11/08 10:8 a.m.4 views

unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names

A flaw was found in Unbound, which is vulnerable to a novel type of "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates...

6.5CVSS5.7AI score0.0085EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-5569-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.0085EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2022/05/20 10:58 a.m.213 views

Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits

Google's Threat Analysis Group TAG on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day aka 0-day flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as...

9.6CVSS8.2AI score0.36238EPSS
Exploits4
The Hacker News
The Hacker News
added 2021/05/21 8:46 a.m.32 views

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...

1.4AI score
Exploits0
NCSC
NCSC
added 2020/11/19 12:0 a.m.2 views

Vulnerability fixed in Node.js

A vulnerability has been fixed in Node.js. The vulnerability allows a malicious party potentially capable of causing a denial-of-service cause. To do this, the malicious party must be able to send a DNS request for a rogue domain. Only applications that allow a malicious party to send DNS request...

7.5CVSS8.3AI score0.54164EPSS
Exploits0
ThreatPost
ThreatPost
added 2020/09/29 11:34 p.m.43 views

Why Web Browser Padlocks Shouldn't Be Trusted

For years, Apple, Firefox, Google and Microsoft relentlessly made the point that in order to avoid rogue sites you must make sure your browser “padlock” is either locked, green or is otherwise indicating a site as being “secure.” Now, cybersecurity firms are stressing that those padlocks are not...

6.8AI score
Exploits0References9
Rows per page
Query Builder