EUVD-2010-2627
Malware in sbrugna...
CVE-2025-0828
A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in the user's browser session...
Malicious code in specialist-pwm (npm)
Source: ghsa-malware (19a9361debaeefca0fe9ce58993642683389ef781840fbeabd2a00fb2b1d6477). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2438 Malicious code in specialist-pwm (npm)
Source: ghsa-malware (19a9361debaeefca0fe9ce58993642683389ef781840fbeabd2a00fb2b1d6477). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution lies in the lack of measures taken to protect the structure of web pages, allowing attackers to execute JavaScript code in the browser of the targeted user.
The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute JavaScript code in th...
PT-2024-27711 · Shenzhen Weitillage Industrial Co. · Access Management Specialist
Name of the Vulnerable Software and Affected Versions: Shenzhen Weitillage Industrial Co., Ltd access management specialist version V6.62.51215 Description: An issue in the access management specialist allows a remote attacker to obtain sensitive information. Recommendations: For version...
Ukraine Arrests Cryptor Specialist Aiding Conti and LockBit Ransomware
Ukrainian Police have arrested a ransomware cryptor developer in connection with the notorious Conti and LockBit groups. This arrest was the result of Operation Endgame, a major operation that aims to dismantle key elements of these cybercriminal organizations...
Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem
By Owais Sultan. Institutions, dApps and users on Flare will now benefit from Hypernative’s industry-leading ecosystem-wide protection suite. This is a post from HackRead.com.
How to comply with GDPR requirements
Understanding the Basics of GDPR Compliance: Within the sphere of cybersecurity, significant strides were made as the European Union (EU) introduced an innovative legislative tool called the General Data Protection Regulation (GDPR), unveiled on May 25, 2018. This regulation highlights the EU's unifie...
Cyber insurance requirements: What’s in store for 2024
As the threat landscape evolves and the cost of data breaches increases, so will cyber insurance requirements from carriers. Cyber Risk Specialist Vince Kearns shares his 4 predictions for 2024...
sydneyspecialistphysiotherapy.com.au Improper Access Control vulnerability OBB-3782914
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the GLPI system’s request and incident handling process, related to improper authorization, allows a malicious actor to escalate their privileges within the application.
The vulnerability of the GLPI request and incident handling system is related to the absence of an authorization mechanism that allows users with the “Technical Specialist” profile to view and generate a personal token for the superadministrator. Exploiting this vulnerability could enable a...
Tour of the Underground: Master the Art of Dark Web Intelligence Gathering
The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. But did you know that the underground also offers a goldmine of threat intelligence and information that can be harness...
sanantoniofootspecialist.com Cross Site Scripting vulnerability OBB-3228506
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Play ransomware gang leaks City of Oakland data
The Play ransomware gang has begun partially publishing data they stole from the City of Oakland, California. The data were in multiple archive files with a collective file size of 10GB. According to the ransomware gang, the files contain "private and personal information data, financial...
TikTok: Ability to change permissions across seller platform
An Insecure Direct Object Reference (IDOR) vulnerability was found on the "Post" request on a TikTok Seller endpoint, which could have resulted in any user having the ability to change the "Finance Specialist" role permission. We thank @imrannisar for reporting this to our team...
Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti
By Jambul Tologonov · November 22, 2022. Introduction: On October 31, 2022, Yanluowang’s TOR site was hacked displaying a message “check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time’s...
footspecialistofmemorial.com Cross Site Scripting vulnerability OBB-3001707
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bostonpainspecialist.com Cross Site Scripting vulnerability OBB-2349734
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The financially motivated cybercrime gang behind the Carbanak backdoor malware, FIN7, has hit upon a genius idea for maximizing profit from ransomware: Hire real pen-testers to do some of their dirty work instead of striking partnerships with other criminals. According to a report from Gemini...