0day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function. Summernote is a…
Category: GBHackers
Hackers Exploiting MS Office Editor Vulnerability Deploy Keylogger
Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group. The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft…
Ivanti EPM SQL Injection Flaw Let Attackers Execute Remote Code
In May 24, 2024, Zero-Day Initiative released a security advisory for Ivanti EPM which was associated with SQL injection Remote code execution vulnerability. This vulnerability…
CISA Warns of Scammers Impersonating as CISA Employees
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge in impersonation scams. These scams often involve fraudsters pretending to be…
Microsoft Window Ntqueryinformationtoken Flaw Escalate Privilege
Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations. The vulnerability resides in…
Indian National Jailed For Hacked Servers Of Company
An Indian national was sentenced to two years and eight months in jail for unauthorized access to his former employer’s computer systems, resulting in substantial…
256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw
Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote Code Execution (RCE) flaw in Microsoft Message Queuing (MSMQ) services. The…
Hackers Exploiting Linux SSH Services to Deploy Malware
SSH and RDP provide remote access to server machines (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if solid passwords…
JetBrains Warns of GitHub Plugin that Exposes Access Tokens
A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious content within GitHub pull requests,…
Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access
Hackers go for Apple due to its massive user base along with rich customers, including business people and managers who use those devices with some…
Firefox 127 Released With patch for 15 Vulnerabilities
Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been rated as high impact. This update is crucial for users to…
Pure Storage Data Breach Following Snowflake Hack
Pure Storage has confirmed that a third party temporarily gained unauthorized access to a Snowflake data analytics workspace. This workspace contained telemetry information used by…