Cross Site Scripting (XSS)

@udecode/plate-media is vulnerable to Cross Site Scripting XSS. The vulnerability is due to lack of proper URL sanitization in MediaEmbedElement and custom urlParsers and direct consumption of the url property, which allows an attacker to embed malicious URLs using javascript:, data:, or vbscript...

Plate Security Breach

Plate is a plugin system for Ziad Beyens individual developers to make it easier to build fully functional editors. Plate has a security vulnerability that stems from when the editor uses the MediaEmbedElement component and passes custom urlParsers via the useMediaState hook, if the custom parser...

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

Cybercriminals Abuse Stack Overflow to Promote Malicious Python Package

Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index PyPI repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing...

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script VBScript in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as...

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

A new attack campaign dubbed CLOUDREVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUDREVERSER inherently involves command-and-control-like activities by using Google...

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

The North Korea-linked threat actor known as Kimsuky aka Black Banshee, Emerald Sleet, or Springtail has been observed shifting its tactics, leveraging Compiled HTML Help CHM files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target...

The Evolution of DEEP#GOSU Attack Campaign by Kimsuky Group

Summary: A sophisticated multi-stage attack campaign linked to the North Korean Kimsuky group, dubbed DEEPGOSU. Using PowerShell and VBScript, the attackers leverage remote access trojan RAT software for full control over infected hosts, while employing legitimate services like Dropbox for comman...

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEPGOSU, said it's likely associated with the North Korean state-sponsored group...

Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERVBSCRIPTTROJANMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Vulnerability Type...

Microsoft Windows Defender - VBScript Detection Bypass Vulnerability

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...

Microsoft Windows Defender - VBScript Detection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERVBSCRIPTTROJANMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Vulnerability Type...

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index PyPI repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 package...

CVE-2022-48192

Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script JavaScript, VBScript in the context of the application...

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security...

SAP PowerDesigner Code Injection Vulnerability (CNVD-2024-23328)

SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...

CVE-2023-40621

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...

CVE-2023-40621

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...

Default credentials

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...

CVE-2023-40621

CVE-2023-40621 affects SAP PowerDesigner Client 16.7, where an unauthenticated attacker can inject VBScript into a document and have it executed when opened by a user. The root cause is VBScript code execution within documents due to default security settings not preventing untrusted scripts. Imp...