QRS: A Rule-Synthesizing Neuro-Symbolic Triad for Autonomous Vulnerability Discovery

Static Application Security Testing SAST tools are integral to modern DevSecOps pipelines, yet tools like CodeQL, Semgrep, and SonarQube remain fundamentally constrained: they require expert-crafted queries, generate excessive false positives, and detect only predefined vulnerability patterns...

MiracleLinux 9 : java-21-openjdk-21.0.9.0.10-1.el9.ML.1 (AXSA:2025-11028:16)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11028:16 advisory. JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 JDK: Enhance String Handling CVE-2025-61748 Tenable has...

Google Sues to Disrupt Chinese SMS Phishing Triad

Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and...

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. "Although these domains are...

EUVD-2024-17507

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-3752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a rac...

CVE-2024-1782

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'btwebid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

Web 3.0 Requires Data Integrity

If you've ever taken a computer security class, you've probably learned about the three legs of computer security--confidentiality, integrity, and availability--known as the CIA triad. When we talk about a system being secure, that's what we're referring to. All are important, but to different...

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach n...

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities...

Chinese SMS Phishing Group Hits iPhone Users in India Post Scam

The notorious Chinese Smishing Triad gang, known for its SMS phishing attacks against Pakistan, the US, and European…...

Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutel...

CVE-2024-1782

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'btwebid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2024-1782

CVE-2024-1782 concerns the Blue Triad EZAnalytics WordPress plugin. Affected versions are all up to and including 1.0, with a Reflected Cross-Site Scripting vulnerability via the bt_webid parameter caused by insufficient input sanitization and output escaping. This enables unauthenticated attacke...

WordPress Plugin Blue Triad EZAnalytics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

Blue Triad EZAnalytics <= 1.0 - Reflected Cross-Site Scripting via 'bt_webid'

Description The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'btwebid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

PT-2024-18302 · Blue Triad · Ezanalytics

Name of the Vulnerable Software and Affected Versions: Blue Triad EZAnalytics plugin for WordPress versions up to, and including, 1.0 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages due to insufficient input sanitization and output escaping via the...

WordPress Blue Triad EZAnalytics Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Blue Triad EZAnalytics Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1782 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 505430cf135b Credits WordFence...

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country...

Attacks, Vulnerabilities and Actors 4 September to 10 September 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of ten executed attacks, one instance of adversary activity, and six vulnerabilities...