Security
Headlines
HeadlinesLatestCVEs

Latest News

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Wired
Open in Source
#vulnerability#windows#microsoft#git#oracle#zero_day
Banking Trojan Coyote Abuses Windows UI Automation

It's the first known instance of malware that abuses the UIA framework and has enabled dozens of attacks against banks and crypto exchanges in Brazil.

Dark Web Hackers Moonlight as Travel Agents

Hackers are using stolen goods such as credit cards and loyalty points to book travel for sometimes unsuspecting clients, and remote workers, SMBs, travel brands, and others are at risk.

Department of Education Site Mimicked in Phishing Scheme

An ongoing phishing campaign is using fake versions of the department's G5 grant portal, taking advantage of political turmoil associated with the DoE's 1,400 layoffs.

GHSA-vmhh-8rxq-fp9g: ImageMagick has XMP profile write that triggers hang due to unbounded loop

### Summary Infinite lines occur when writing during a specific XMP file conversion command ### Details ``` #0 GetXmpNumeratorAndDenominator (denominator=<optimized out>, numerator=<optimized out>, value=<optimized out>) at MagickCore/profile.c:2578 #1 GetXmpNumeratorAndDenominator (denominator=<synthetic pointer>, numerator=<synthetic pointer>, value=720000000000000) at MagickCore/profile.c:2564 #2 SyncXmpProfile (image=image@entry=0x555555bb9ea0, profile=0x555555b9d020) at MagickCore/profile.c:2605 #3 0x00005555555db5cf in SyncImageProfiles (image=image@entry=0x555555bb9ea0) at MagickCore/profile.c:2651 #4 0x0000555555798d4f in WriteImage (image_info=image_info@entry=0x555555bc2050, image=image@entry=0x555555bb9ea0, exception=exception@entry=0x555555b7bea0) at MagickCore/constitute.c:1288 #5 0x0000555555799862 in WriteImages (image_info=image_info@entry=0x555555bb69c0, images=<optimized out>, images@entry=0x555555bb9ea0, filename=<optimized out>, exception=0x555555b7bea0) at Ma...

What Makes Great Threat Intelligence?

Anyone can buy or collect data, but the goal must be to realize actionable insight relevant to the organization in question.

Crash Override Turns to ERM to Combat Visibility Challenges

The newly launched security startup provides an engineering relationship management platform that provides enterprises with visibility across code, infrastructure, and tools.

GHSA-269j-37ww-cmh3: Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.

FBI and CISA Warn of Interlock Ransomware Targeting Critical Infrastructure

FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion.

Stop AI Bot Traffic: Protecting Your Organization's Website

As crawlers and bots bog down websites in the era of AI, some researchers say that the solution for the Internet's most vulnerable websites is already here.