11 matches found
EUVD-2018-0774
Malware in sbrugna...
EUVD-2022-40727
Malicious code in bioql PyPI...
North Korean Hackers Steal $1.5B in Cryptocurrency
It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a "Multisig Cold Wallet" when,...
MarbleRun unauthenticated recovery allows Coordinator impersonation
Impact: During recovery, a Coordinator only verifies that a given recovery key decrypts the sealed state, not if this key was provided by a party with access to one of the recovery keys defined in the manifest. This allows an attacker to manually craft a sealed state using their own recovery keys,...
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human...
Reflected XSS Vulnerability at `_detail/?lang` parameter
Description: Reflected XSS vulnerability allows attackers to exploit the trust placed by a web application in user-supplied input, such as query parameters or form fields. In this case, the vulnerability was found in the following URL: https://www.dokuwiki.org/detail/?lang=1"alertdocument.domain...
CVE-2022-38125
CVE-2022-38125 affects Secomea SiteManager, specifically the FTP Agent modules. The root cause is Improper Restriction of Communication Channel to Intended Endpoints, enabling exploitation of trust in the client. The NVD entry lists a CVSS v3.1 base score of 5.5 (Medium) with Local attack vector,...
CVE-2022-38125 FTP Agent forwards traffic on inactive ports to LinkManager
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager FTP Agent modules allows Exploiting Trust in Client...
How to protect your business from supply chain attacks
Threat actors know that attacking the supply chain is not just a smart strategy but also a winning one. When American store Target found a Trojan designed to steal card details on its POS (point-of-sale) systems in 2013, no one expected that the route into its secure environment was its heating,...
Shopify: Reflective XSS on wholesale.shopify.com
There is a reflected XSS issue on wholesale.shopify.com. Steps to reproduce: Call the following URL in Mozilla Firefox: https://wholesale.shopify.com/asd%27%3Balert%28%27XSS%27%29%3B%27 An alert box with "XSS" appears. This means that an attacker has full control of the scripts that are executed ...
New fake banking cert attacks in play
From eWEEK (Matt Hines): Researchers with security training experts SANS Institute have reported the emergence of a new wave of attacks seeking to take advantage of trust in online banking sites and digital certificate e-banking security programs. The involved attacks target customers of Bank of...