Exploit

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

CVE News

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

A critical unauthenticated Cross-Site Scripting (XSS) vulnerability has been identified in ABB Cylon Aspect firmware version 4.00.00,...

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

CVE News

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

A critical unauthenticated SQL injection vulnerability (CVE-2024-11728) has been identified in KiviCare Clinic & Patient Management System...

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

CVE News

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

A critical supply chain attack has compromised Ripple’s official xrpl.js NPM package, injecting malicious code designed to...

Reflected XSS Vulnerability in code-projects Online Exam Mastering System 1.0

CVE News

Reflected XSS Vulnerability in code-projects Online Exam Mastering System 1.0

A recently disclosed vulnerability in the code-projects Online Exam Mastering System 1.0 exposes users to reflected Cross-Site...

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

Data Breach

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

In February 2024, Baltimore City Public Schools suffered a significant ransomware attack compromising over 25,000 records of...

SK Telecom USIM Data Breach: Malware Attack Exposes Customer Authentication Data

Data Breach

SK Telecom USIM Data Breach: Malware Attack Exposes Customer Authentication Data

South Korea’s largest mobile operator, SK Telecom, has confirmed a malware attack compromising sensitive USIM-related customer data,...

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Red-Team

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

A newly documented proof-of-concept attack named “Cookie-Bite” demonstrates how malicious Chrome extensions can hijack browser session cookies...

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

CVE News

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

A high-severity vulnerability (CVE-2025-2594) has been identified in the WordPress User Registration & Membership plugin, allowing unauthenticated...

Tenda AC15 Router Vulnerability (CVE-2025-3786): Remote Buffer Overflow Exploit Analysis

CVE News

Tenda AC15 Router Vulnerability (CVE-2025-3786): Remote Buffer Overflow Exploit Analysis

A critical buffer overflow vulnerability (CVE-2025-3786) has been identified in Tenda AC15 routers, affecting firmware versions up...

Verizon Call Filter App Vulnerability Exposes Millions of Call Logs

CVE News

Verizon Call Filter App Vulnerability Exposes Millions of Call Logs

A recently patched vulnerability in Verizon’s Call Filter iOS app allowed unauthorized access to call metadata for...

FBI Warns of Medusa Ransomware Targeting Gmail and Outlook Users: Mitigation and Analysis

Threat Intelligence

FBI Warns of Medusa Ransomware Targeting Gmail and Outlook Users: Mitigation and Analysis

The FBI has issued an urgent advisory warning Gmail and Outlook users about a surge in Medusa...

Oracle Health Data Breach: Legacy Server Compromise Exposes Patient Records

Data Breach

Oracle Health Data Breach: Legacy Server Compromise Exposes Patient Records

A recent breach at Oracle Health has exposed sensitive patient data across multiple US hospitals, raising concerns...

Sam’s Club Faces Potential Clop Ransomware Attack: Investigation Underway

Threat Intelligence

Sam’s Club Faces Potential Clop Ransomware Attack: Investigation Underway

Sam’s Club, the Walmart-owned retail warehouse chain, is currently investigating claims of a data breach linked to...

MailChimp Security Breaches: Phishing, Social Engineering, and Session Hijacking Tactics

Data Breach

MailChimp Security Breaches: Phishing, Social Engineering, and Session Hijacking Tactics

MailChimp, a widely used email marketing platform, has become a prime target for cybercriminals employing sophisticated phishing...

Blacklock Ransomware Infrastructure Compromised: Inside the Breach That Exposed Future Attacks

Threat Intelligence

Blacklock Ransomware Infrastructure Compromised: Inside the Breach That Exposed Future Attacks

In a significant blow to the Blacklock ransomware group, cybersecurity firm Resecurity exploited a vulnerability in the...

Massive JavaScript Injection Campaign Targets 150,000 Sites to Redirect Users to Chinese Gambling Platforms

Threat Intelligence

Massive JavaScript Injection Campaign Targets 150,000 Sites to Redirect Users to Chinese Gambling Platforms

A widespread cyber campaign has compromised approximately 150,000 legitimate websites by injecting malicious JavaScript code that redirects...

February 2025 Financial Sector Cyber Threats: Korean & Global Security Analysis

Threat Intelligence

February 2025 Financial Sector Cyber Threats: Korean & Global Security Analysis

A recent ASEC report reveals intensifying cyber threats against financial institutions in South Korea and worldwide, with...

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

CVE News

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

A malicious campaign is targeting security researchers by distributing a fake proof-of-concept (PoC) exploit for the LDAPNightmare...

NCSC.nl Warns of Cl0p Ransomware Campaigns Targeting File Transfer Systems

Exploitation
Threat Intelligence

NCSC.nl Warns of Cl0p Ransomware Campaigns Targeting File Transfer Systems

The Nationaal Cyber Security Centrum (NCSC) of the Netherlands has issued a warning regarding a series of cyberattacks...

Critical Vulnerabilities in FortiOS and FortiProxy Lead to Ransomware Attacks: NCSC Warns of Exploitation

CVE News
Exploitation

Critical Vulnerabilities in FortiOS and FortiProxy Lead to Ransomware Attacks: NCSC Warns of Exploitation

The National Cyber Security Centre (NCSC) has reported a significant surge in ransomware attacks targeting critical vulnerabilities...

Posts pagination

Previous 1 2 3 Next

Exploit

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

Reflected XSS Vulnerability in code-projects Online Exam Mastering System 1.0

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

SK Telecom USIM Data Breach: Malware Attack Exposes Customer Authentication Data

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

Tenda AC15 Router Vulnerability (CVE-2025-3786): Remote Buffer Overflow Exploit Analysis

Verizon Call Filter App Vulnerability Exposes Millions of Call Logs

FBI Warns of Medusa Ransomware Targeting Gmail and Outlook Users: Mitigation and Analysis

Oracle Health Data Breach: Legacy Server Compromise Exposes Patient Records

Sam’s Club Faces Potential Clop Ransomware Attack: Investigation Underway

Blacklock Ransomware Infrastructure Compromised: Inside the Breach That Exposed Future Attacks

Massive JavaScript Injection Campaign Targets 150,000 Sites to Redirect Users to Chinese Gambling Platforms

February 2025 Financial Sector Cyber Threats: Korean & Global Security Analysis

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

NCSC.nl Warns of Cl0p Ransomware Campaigns Targeting File Transfer Systems

Critical Vulnerabilities in FortiOS and FortiProxy Lead to Ransomware Attacks: NCSC Warns of Exploitation

You may have missed

Anthropic’s Claude AI Gains Autonomous Conversation Termination to Mitigate Abuse

U.S. Sanctions Grinex Crypto-Exchange as Garantex Successor in Crackdown on Ransomware Money Laundering

Meta’s Erroneous Instagram Account Bans: Technical Implications for Security Teams

Supreme Court’s Decision on Mississippi Social Media Age Verification Law: Technical and Legal Implications