Security
Headlines
HeadlinesLatestCVEs

Latest News

Scavenger Trojan Targets Crypto Wallets via Game Mods and Browser Flaws

New Scavenger Trojan steals crypto wallet data using fake game mods and browser flaws, targeting MetaMask, Exodus, Bitwarden, and other popular apps.

HackRead
Open in Source
#vulnerability#web#mac#windows#git#perl#chrome
Law Enforcement Cracks Down on XSS — but Will It Last?

The arrest of a suspected administrator for the popular cybercrime forum was one of several enforcement actions in the past week targeting malicious activity.

Ransomware Actors Pile on 'ToolShell' SharePoint Bugs

Storm-2603, a China-based threat actor, is targeting SharePoint customers in an ongoing ransomware campaign.

GHSA-vr59-gm53-v7cq: XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter

### Impact It's possible for anyone to inject SQL using the parameter sort of the `getdeleteddocuments.vm`. It's injected as is as an ORDER BY value. One can see the result of the injection with http://127.0.0.1:8080/xwiki/rest/liveData/sources/liveTable/entries?sourceParams.template=getdeleteddocuments.vm&sort=injected (this example does not work, but it shows that an HQL query was executed with the passed value which look nothing like an order by value, without any kind of sanitation). ### Patches This has been patched in 17.3.0-rc-1, 16.10.6. ### Workarounds There is no known workaround, other than upgrading XWiki. ### References https://jira.xwiki.org/browse/XWIKI-23093 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org) ### Attribution The vulnerability was identifier by Aleksey Solovev from Positive Technologies.

BRB, pausing for a "Sanctuary Moon" marathon

Get to know the real people behind cybersecurity’s front lines. In this week’s newsletter, sci-fi meets reality, humanity powers technology and a few surprises are waiting to be discovered.

Top IT Staff Augmentation Companies in USA 2025

Staff augmentation is a strategy for smart tech teams looking to launch something big. Trying to plug skill gaps or scale without the overhead? Collaborate with a trusted IT staff augmentation company.

Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed Now to infiltrate organizations' VMware ESXi and vCenter environments as well as network appliances, Sygnia said in a new report published today. "The threat actor leveraged combinations of

Replit AI Agent Deletes Sensitive Data Despite Explicit Instructions

Replit AI agent deleted data from 1,200+ executives and companies without permission, raising concerns about AI safety and control in live environments.

A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats

Security flaws in Airportr, a door-to-door luggage checking service used by 10 airlines, let hackers access user data and even gain privileges that would have let them redirect or steal luggage.