23 matches found
EUVD-2023-1405
Malicious code in bioql PyPI...
CVE-2025-9390
A vulnerability was found in the xxd component of Vim in the main function of src/xxd/xxd.c. This flaw allows a local attacker to trigger a buffer overflow, which leads to a denial of service. Mitigation: Upgrade to Vim version 9.1.1616 or later to address this issue...
PT-2025-28839 · WordPress · Simple Featured Image
Name of the Vulnerable Software and Affected Versions: Simple Featured Image plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting via the slideshow parameter due to insufficient input sanitization and output escaping. This allo...
Senator Chides FBI for Weak Advice on Mobile Security
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and...
PT-2025-25717 · Cyberchimps · Cyberchimps Responsive Plus
Name of the Vulnerable Software and Affected Versions: CyberChimps Responsive Plus versions 3.2.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 3.2....
CVE-2024-24821
Composer is a dependency manager for the PHP language. In affected versions, several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...
CVE-2024-45374
The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...
PT-2023-30049 · Instantsoft · Icms2
Name of the Vulnerable Software and Affected Versions: instantsoft/icms2 versions prior to 2.16.1 Description: The issue concerns a session fixation problem. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents...
Zip domains, a bad idea nobody asked for
If you heard a strange and unfamiliar creaking noise on May 3, it may have been the simultaneous rolling of a million eyeballs. The synchronised ocular rotation was the less than warm welcome that parts of the IT and security industries--this author included--gave to Google's decision to put .zip...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: mySCADA Technologies Equipment: mySCADA myPRO Vulnerabilities: OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Millions of Gemini cryptocurrency exchange user details leaked
If you're a user of the Gemini cryptocurrency exchange, it's time to be on your guard against phishing attacks. Gemini says its own systems have not been compromised, but an unnamed third party has become the focal point for a breach. On December 13 or some point before, rogues gained access to jus...
PT-2022-24840 · Unknown · Matrix-Android-Sdk
Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages that appear to have come from another person without any indication. This vulnerability can be used to perform...
CISA Log4Shell warning: Patch VMware Horizon installations immediately
CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn't gone away. It's being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerabili...
A week in security (April 25 – May 1)
Last week on Malwarebytes Labs: Why MITRE matters to SMBs Apple’s child safety features are coming to a Messages app near you Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09 Watch out for this SMS phish promising a tax refund Rogue ads phishing for cryptocurrency:...
Three Word Passwords
Introduction The National Cyber Security Centre (NCSC) have advocated the use of three random words for several years to create strong passwords, and that advice has been repeated recently by the National Crime Agency, and multiple police forces in the UK... but just how strong are these passwords?...
Beers with Talos ep. #95: Election 2020 – Advice for voters and election officials
Beers with Talos (BWT) Podcast episode No. 95 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts, Google Podcasts, Spotify, Stitcher. If iTunes and Google Play aren't your thing, click here. By Mitch Neff. Recorded Oct. 9, 2020 We are running a short bench today afte...
Humble Bundle alerts customers to subscription reveal bug
You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal...
FreeBSD remote DoS attack exploit analysis CVE-2016-1879 - a vulnerability warning - the black bar safety net
The FreeBSD team announced that their operating system has a serious vulnerability; hackers can exploit this vulnerability for DoS (denial of service) attacks, privilege escalation, or theft of sensitive system information. SCTP ICMPv6 error handling Vulnerability CVE-2016-1879 SCTP stream contro...
CPNI Releases Paper on Improving Defenses Against Targeted Attack
The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its "Improving Defenses Against Targeted Attack" (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by natio...
Not being able to create webhooks with basic authentication.
Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5.2 we are getting an "Invalid URL" message. !https://jira.atlassian.com/secure/attachment/85015/webhookserror.png! Workaround: For Atlassian applications, the REST plugin ...