26 matches found
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed...
EUVD-2018-13278
Malware in sbrugna...
EUVD-2015-9123
Malware in sbrugna...
EUVD-2018-13277
Malware in sbrugna...
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and...
golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this...
OESA-2023-1591 golang security update
The Go Programming Language. Security Fixes: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trust...
Layer 7 DDoS Attacks: ❗️ Methods and Ways of Mitigation
The web has been the greatest type of development in the 21st century. It has uncovered the whole world to more current prospects and more effective methods of living. Today, we have various sites, online stores, online papers, etc. Essentially everything is online nowadays. Be that as it may, th...
Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service DDoS attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industr...
Unexpected Inflection Point
For decades, those of us who work on the infrastructure of the web have heard and talked a lot about "inflection points" -- points at which we have seen notable increases in Internet usage driven by commerce, entertainment, financial services, travel, etc. And now, without warning, the world...
Cross site scripting
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page...
CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE...
Deserialization of untrusted data
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant...
CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE...
CVE-2018-20732
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant...
CVE-2018-20732
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant...
Design/Logic Flaw
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE...
CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page...
CVE-2018-20733
The vulnerability CVE-2018-20733 affects SAS Web Infrastructure Platform’s BI Web Services prior to 9.4M6. The root issue is an XML External Entity (XXE) exposure within BI Web Services, potentially impacting confidentiality as indicated by CVSS metrics (C: Partial, A: None, I: None for CVSS2; C:...
CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE...