23 matches found
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC66...
EUVD-2026-25391
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting...
EUVD-2025-208329
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing aka vishing and bogus...
PT-2025-39878
Name of the Vulnerable Software and Affected Versions: Vasion Print versions prior to 22.0.1049; Vasion Print Application versions prior to 20.0.2786. Description: The Vasion Print Virtual Appliance Host and Application are configured with insecure SSH client settings within Docker instances...
HCL BigFix SaaS Authentication Service Security Vulnerability
HCL BigFix SaaS Authentication Service is an endpoint management platform from HCL India. A security vulnerability exists in HCL BigFix SaaS Authentication Service that stems from an unvalidated Origin header value, which could lead to cache poisoning...
PT-2024-9455 · Intel · Intel Nuc Software Studio Service
Name of the Vulnerable Software and Affected Versions: Intel NUC Software Studio Service affected versions not specified Description: The issue is related to incorrect resource initialization, which can be exploited to disclose protected information. Recommendations: At the moment, there is no...
SUSE CVE-2024-22033
The OBS service obs-service-downloadurl was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed commands to be executed in later steps...
Why High Tech Companies Struggle with SaaS Security
It's easy to think high-tech companies have a security advantage over other older, more mature industries. Most are unburdened by 40 years of legacy systems and software. They draw some of the world's youngest, brightest digital natives to their ranks, all of whom consider cybersecurity issues...
CVE-2022-22359
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652...
fcovatti libiec_iccp_mod Buffer Overflow Vulnerability
LibiecIccpMod is used to modify Libiec6850 Mms to use Iccp clients. A buffer error vulnerability exists in fcovatti libiec_iccp_mod v1.5, which stems from the lack of a limit on the size of the space that the software handles. An attacker could use this vulnerability to cause the software to fail t...
Adobe Genuine Software Service Access Control Error Vulnerability
Adobe Genuine Software Service is a legitimate software service from Adobe, which is vulnerable to an access control error that could be exploited by a locally authenticated attacker to achieve elevation of privilege in the context of the current user...
Adobe Genuine Software Service Access Control Error Vulnerability
Adobe Genuine Software Service is a legitimate software service from Adobe, which is vulnerable to an access control error that could be exploited by a locally authenticated attacker to achieve elevation of privilege in the context of the current user...
CVE-2021-21096
Adobe Bridge versions 10.1.1 and earlier and 11.0.1 and earlier are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user...
Authorization
Adobe Bridge versions 10.1.1 and earlier and 11.0.1 and earlier are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user...
CVE-2021-21096
Adobe Bridge CVE-2021-21096 is an Improper Authorization vulnerability in the Genuine Software Service affecting versions 10.1.1 and earlier and 11.0.1 and earlier. A low-privileged attacker could cause an application denial-of-service without user interaction. The issue is referenced in APSB21-2...
Adobe Bridge Genuine Software Service Incorrect Permission Assignment Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Adobe Bridge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
SQL Injection Vulnerability in Home Furnishing ERP Management System of Shanghai Furnishing Union Information Technology Co., Ltd.
Shanghai Furnishing Union Information Technology Co., Ltd. is a software service company specializing in enterprise management solutions for the decoration industry. There is a SQL injection vulnerability in the Home Decoration ERP Management System of Shanghai Decoration Alliance Information Technology Co., Ltd., which can be exploited by attackers ...
Adobe Acrobat Pro DC Genuine Software Service Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Genuine Software Service. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...