Lucene search
K

45 matches found

CVE
CVE
added 2026/06/04 11:56 a.m.14 views

CVE-2025-52606

Technical details about CVE-2025-52606 are not publicly provided in the supplied documents. No affected products, versions, exploit info, or remediation are specified here. Monitor for updates.

4.3CVSS5.8AI score0.00169EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:56 a.m.40 views

CVE-2025-52606 HCL iControl was affected by Weak Input Validation vulnerability. .

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46183

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 8:0 a.m.4 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.2AI score0.00645EPSS
Exploits0References1
Securelist
Securelist
added 2026/04/20 9:1 a.m.6 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/07 11:57 a.m.6 views

Traffic violation scams swap links for QR codes to steal your card details

As soon as people start to get to grips with a certain type of scam, criminals deploy new tactics to keep stealing money. Now people have learned to distrust links in text messages, scammers have changed the bait, and in 2026 the “new link” is often a QR code tucked inside a fake notice. The late...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.4 views

Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:16 a.m.2 views

Malicious code in irma-sasag55-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9642e34d09c3df6b7e65d907f6061861048d6bcf99a1e3f99441566f94596ab8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 3:48 a.m.0 views

MAL-2025-79949 Malicious code in maya-kembang55-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23dffed06be0b3f6a163c788881bffc3572516830e154579233b7c9a6dec838d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 2:29 a.m.2 views

Malicious code in zain-tahu29-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26acc8aa275eb2fd16c88a92c2b92bd55cb7cd7ff48495724e7a895ea8b050e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:17 a.m.2 views

Malicious code in hadianto-kolak17-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41c4a13b008d5f7c369776f513dc9ae5b05dc39ff501a7cb5ea55903d6117670 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-10893

Malware in sbrugna...

8.8CVSS9AI score0.01013EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2025/08/21 4:25 p.m.11 views

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/06 4:25 p.m.53 views

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer AMOS on Apple macOS systems. The campaign, according to CloudSEK, has been found to...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/30 2:14 p.m.49 views

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:19 p.m.7 views

CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...

8.8CVSS6.2AI score0.01013EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/04/17 11:32 a.m.29 views

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy...

7.8AI score
Exploits0
HackRead
HackRead
added 2025/04/04 11:36 a.m.9 views

NSA and Global Allies Declare Fast Flux a National Security Threat

NSA and global cybersecurity agencies warn fast flux DNS tactic is a growing national security threat used in phishing, botnets, and ransomware...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 12:22 p.m.26 views

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/19 10:59 a.m.57 views

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that...

7.8CVSS7.8AI score0.99933EPSS
Exploits29
Rows per page
Query Builder