364 matches found
Jenkins plugins Multiple Vulnerabilities (2024-05-02)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are...
CVE-2019-16780
creationtimestamp| type| source ---|---|--- 2024-03-17 11:16:40+00:00| seen| https://t.me/ctinow/209867...
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where...
Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users
By Deeba Ahmed Telekopye Toolkit was previously identified in August 2023 as being leveraged for a phishing scam by Russian cybercriminals. This is a post from HackRead.com Read the original post: Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users...
CVE-2023-4945
creationtimestamp| type| source ---|---|--- 2023-09-14 07:24:10+00:00| seen| https://t.me/cibsecurity/70425...
Analyzing a Facebook Profile Stealer Written in Node.js
We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication...
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia
A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye meaning "spear" in Russian, the toolkit functions as an automated means to create a phishing web page from a premade templat...
QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
A new remote access trojan RAT called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providi...
CVE-2023-37873
creationtimestamp| type| source ---|---|--- 2023-08-06 02:12:00+00:00| seen| https://t.me/cibsecurity/67822...
CVE-2023-34006
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi Telegram Bot & Channel plugin = 3.6.2 versions...
CVE-2023-34006
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi Telegram Bot & Channel plugin = 3.6.2 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi Telegram Bot & Channel plugin = 3.6.2 versions...
CVE-2023-34006
CVE-2023-34006 concerns the WordPress plugin “Telegram Bot & Channel” by Marco Milesi, affected versions
CVE-2023-34006 WordPress Telegram Bot & Channel Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marco Milesi Telegram Bot & Channel plugin = 3.6.2 versions...
WordPress Plugin Telegram Bot & Channel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-24625 · Unknown · Marco Milesi Telegram Bot & Channel
Name of the Vulnerable Software and Affected Versions: Marco Milesi Telegram Bot & Channel plugin versions = 3.6.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Marco Milesi Telegram B...
Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational institutions, government agencies, military bodies, and non-profit organizations,...
WordPress Telegram Bot & Channel Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Telegram Bot & Channel Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34006 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ffd28984fd7d Credits yuyudhn Required...
CVE-2023-2703
creationtimestamp| type| source ---|---|--- 2023-05-24 00:40:34+00:00| seen| https://t.me/cibsecurity/64659 2025-01-17 16:57:07+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2164...
CVE-2023-0192
creationtimestamp| type| source ---|---|--- 2023-04-01 12:22:57+00:00| seen| https://t.me/cibsecurity/61296...