4449 matches found
CVE-2025-12374
CVE-2025-12374 (User Verification by PickPlugins) affects WordPress plugin User Verification (versions ≤ 2.0.39). Root cause: authentication bypass due to improper validation of OTP generation in user_verification_form_wrap_process_otpLogin, allowing unauthenticated logins with a verified email (...
EUVD-2001-1169
Malware in sbrugna...
EUVD-2002-1262
Malware in sbrugna...
EUVD-2003-0280
Malware in sbrugna...
EUVD-2005-0494
Malware in sbrugna...
EUVD-2006-7002
Malware in sbrugna...
EUVD-2007-3265
Malware in sbrugna...
EUVD-2008-6971
Malware in sbrugna...
EUVD-2024-3398
Malicious code in bioql PyPI...
EUVD-2021-7919
Malicious code in bioql PyPI...
The Silent, Fileless Threat of VShell
The Silent, Fileless Threat of VShell By Sagar Bade · August 21, 2025 Introduction Linux environments are often seen as bastions of security, favored by developers, sysadmins, and security professionals for their stability, transparency, and resistance to malware. Compared to Windows, the attack...
GHSA-FF6V-W58F-V97W XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right
Impact When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as whi...
CVE-2022-2123
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails...
CVE-2019-12467
MediaWiki through 1.32.1 has Incorrect Access Control issue 1 of 3. A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
In nearly every segment of our lives, AI artificial intelligence now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on...
Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar
Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM anti-sandbox...
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call "Nigerian Tesla" that has been dabbling into phishing...
AvosLocker Ransomware group has targeted 50+ Organizations Worldwide
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker Ransomware. It is a Ransomware as a Service RaaS affiliate-based group that has targeted 50+...
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to...
CVE-2021-20501
CVE-2021-20501 affects IBM i SMTP on IBM i releases 7.1–7.4. The issue allows a network attacker to abuse non-default configuration to deliver email to non-existent local-domain recipients, consuming bandwidth and disk space and enabling spam. The underlying cause is in IBM i SMTP configuration. ...