56 matches found
⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists
This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive...
Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone
A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploi...
NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone...
PT-2024-34127
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: The issue is related to a possible leak of kernel memory contents to a USB HID due to uninitialized data in the Linux kernel. This could lead to physical information disclosure with no...
openSUSE: Security Advisory for wdiff (openSUSE-SU-2022:10031-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHPJabbers Restaurant Booking System Security Vulnerability
PHPJabbers Restaurant Booking System is a restaurant booking system from the Serbian company PHPJabbers. A security vulnerability exists in PHPJabbers Restaurant Booking System version 3.0, which stems from a missing rate limit...
PHPJabbers Fundraising Script has an unspecified vulnerability
PHPJabbers Fundraising Script is a simple open source PHP donation script from the Serbian company PHPJabbers. PHPJabbers Fundraising Script has a security vulnerability that stems from an SQL injection in the pjActionSetAmount function...
PHPJabbers Fundraising Script Cross-Site Scripting Vulnerability
PHPJabbers Fundraising Script is a simple open source PHP donation script from the Serbian company PHPJabbers. PHPJabbers Fundraising Script version 1.0 has a cross-site scripting vulnerability that attackers can exploit through the pjActionLoadCss function...
PHPJabbers Fundraising Script SQL Injection Vulnerability
PHPJabbers Fundraising Script is a simple open source PHP donation script from the Serbian company PHPJabbers. PHPJabbers Fundraising Script has a security vulnerability that stems from an SQL injection vulnerability in the pjActionLoadForm function. No details of the...
MS15-116: Description of the security update for Access 2016: November 10, 2015
Summary: This security update resolves vulnerabilities in Access 2016 that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilities, see...
February 7, 2017, update for Office 2016 (KB3114389)
This article describes update KB3114389 for Microsoft Office 2016, which was released on February 7, 2017. This update has a prerequisite. Be aware that the update on the Microsoft Download Center applies to the Microsoft Installer .msi-based...
OPENSUSE-SU-2019:1929-1 Security update for LibreOffice
This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.5.2 fate327121 bsc1128845 bsc1123455, bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb bsc1135189 - PPTX: Rectangle...
Fedora 29 : php-phpmailer6 (2018-18f3eff32b)
Version 6.0.6 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to...
Fedora 28 : php-phpmailer6 (2018-0f5e6e9957)
Version 6.0.6 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to...
Fedora 27 : php-phpmailer6 (2018-46b92c9064)
Version 6.0.6 - SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. - Added Tagalog translation, thanks to StoneArtz - Added Malagache translation, thanks to Hackinet - Updated Serbian translation, fixed incorrect language code, thanks to...
serbian-hotels.rs Improper Access Control vulnerability
Open Bug Bounty ID: OBB-649887. Affected Website: serbian-hotels.rs. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: IAC Improper Access Control / CWE-284. CVSSv3 Score: 6.5...
Suspected member of The Dark Overlord hacking group arrested
By Waqas. Serbian authorities have arrested a 38-year-old man from Belgrade suspected... This is a post from HackRead.com.
serbian-hotels.rs Improper Access Control vulnerability
Open Bug Bounty ID: OBB-584912. Affected Website: serbian-hotels.rs. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: IAC Improper Access Control / CWE-284. CVSSv3 Score: 6.5...
XSS vulnerability in code example
SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it is explicitly renamed, so it is safe by default. There...
Object injection
SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. Added Tagalog translation, thanks to @StoneArtz Added Malagache translation, thanks to @Hackinet Updated Serbian translation, fixed incorrect language code, thanks to @mmilanovic4 Updated...