CVE-2024-9798

The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers...

Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates

Today we released the fifth edition of Cyber Signals, spotlighting threats to large venues, and sporting and entertainment events, based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the State of Qatar’s hosting of the FIFA World...

Most Targeted Attacks Exploit Privileged Accounts

We all like to write and talk about flashy zero-day vulnerabilities. However, a new threat report cautions enterprises not to flatter themselves, because the majority of criminals are not using valuable zero-days exploits to penetrate corporate networks: they’re phishing privileged account...

XSS using addEventListener and setTimeout — Mozilla

Mozilla contributor mozbugra4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...

XSS using addEventListener — Mozilla

Mozilla contributor mozbugra4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site...