15 matches found
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and...
CVE-2024-10033
CVE-2024-10033 is an XSS vulnerability in the aap-gateway component of Red Hat Ansible Automation Platform (automation-gateway). The associated Red Hat advisory RHSA-2024:8534 lists this issue among security fixes and notes an upgrade path for the platform (automation-gateway updated to 2.5.3). T...
Cross Site Scripting (XSS)
com.jfinal:jfinal is vulnerable to Cross-site Scripting XSS. The vulnerability exists within the library's site management office which allows an attackers to inject malicious code into the site, potentially hijacking user sessions, stealing sensitive data, or manipulating displayed content...
LummaC2 v4.0 Malware Stealing Data with Trigonometry to Detect Human Users
By Deeba Ahmed LummaC2 is back as LummaC2 v4.0. This is a post from HackRead.com Read the original post: LummaC2 v4.0 Malware Stealing Data with Trigonometry to Detect Human Users...
Malicious code in libmaskvirtualpyw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1a0befd84460e2f0d1babcb5f8c0eb9396372fc1879b764144412cf1f02dc0dd EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Ethical hacker among 3 arrested for blackmail and ransomware attacks
By Waqas The suspects are allegedly involved in hacking, issuing threats, stealing data, laundering money, and extorting This is a post from HackRead.com Read the original post: Ethical hacker among 3 arrested for blackmail and ransomware attacks...
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure
Three critical security vulnerabilities in widely used smart uninterruptible power supply UPS devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found. Researchers a...
Simple Forum-Discussion System SQL Injection Vulnerability
Simple Forum-Discussion System is a simple forum/discussion system. SQL injection vulnerability exists in Simple Forum-Discussion System, which originates in various components such as manage topic.php, manage user.php and ajax.php. Lack of validation of externally entered SQL statements. An...
Malicious Package
pensi-scheduler is a malicious package. The package contains a malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fileds from forms and send to https://js-metrics.com/minjs.php?pl=...
In Russia for World Cup? Beware of fake WiFi hotspots stealing user data
By Uzair Amir The Football World Cup 2018 has gathered thousands of fans This is a post from HackRead.com Read the original post: In Russia for World Cup? Beware of fake WiFi hotspots stealing user data...
Malicious Chrome extensions found stealing data with cryptomining malware
By Waqas Nigelthorm malware targets both Windows and Linux based devices. Using malware This is a post from HackRead.com Read the original post: Malicious Chrome extensions found stealing data with cryptomining malware...
CVE-2018-1000069
FreePlane version 1.5.9 and earlier contains a XML External Entity XXE vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been...
Fake Cryptocurrency Apps on Play Store Stealing User Data
By Waqas The US-based cryptocurrency exchange service Poloniex, which happens to be This is a post from HackRead.com Read the original post: Fake Cryptocurrency Apps on Play Store Stealing User Data...
Emissary Panda APT Group Gets Selective About Data it Steals
LAS VEGAS – The Emissary Panda APT group has a long history of invading Western organizations—be they enterprises, government or political outfits—hungry for reams of intellectual property. Lately the group, however, has become a little more selective about what it steals. Researchers at Dell...
USN-493-1: Firefox vulnerabilities
A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data such as passwords, of other web pages. CVE-2007-3844 Jesper Johansson discovered that spaces and double-quotes were not correctly...