Pre Auth Remote Command Execution (CVE-2022-36804) – Assetnote
Often when performing application security research, we come across other researchers who have found critical vulnerabilities in software that can inspire us to dig deeper…
The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between…
The agency set up several fake DDoS sites offering DDoS-for-hire services to infiltrate the online criminal marketplace. Remember when the Dutch police sent letters to…
Microsoft has detected that a Russian-affiliated hacking group dubbed Killnet has been targeting healthcare apps being hosted on the Azure cloud platform. The tech giant…
MPs have asked the government to clarify how the newly created Department for Science, Innovation and Technology will help to increase diversity and inclusion in…
tl;dr ViewStates in JSF are serialized Java objects. If the used JSF implementation in a web application is not configured to encrypt the ViewState the…
OpenAI says a Redis client open-source library bug was behind Monday’s ChatGPT outage and data leak, where users saw other users’ personal information and chat…
By John E. Dunn Nobody predicted how rapidly AI chatbots would change perceptions of what is possible.…
This post is about a simple but dangerous vulnerability that I have seen on several occasions. I think this flaw should be better known –…
The U.K.’s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations.…
As part of its ongoing efforts to protect Microsoft cloud environments against malicious activity, CISA recently introduced an open-source incident response tool called the “Untitled…
By John Weiler FBI arrests Breached hacking forum leader, smartphones hijacked without any user involvement and 330,000…