Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2021-31858: CVE-2021-31858 Stored Cross-Site Scripting in DotNetNuke

DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.

CVE
Open in Source
#xss#vulnerability#web#ios#android#apple#git#java#wordpress#auth
Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia"

Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and

CVE-2022-32958: 互動資通 Teamplus Pro - Allocation of Resources Without Limits or Throttling

A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.

Researchers Warn of New Variants of ChromeLoader Browser in the Wild

By Deeba Ahmed ChromeLoader malware is spread through pirated games, malicious QR codes, and cracked software that hijacks the victim’s web… This is a post from HackRead.com Read the original post: Researchers Warn of New Variants of ChromeLoader Browser in the Wild

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of

iPhones of Activists in Thailand Hacked by Israeli Pegasus Spyware

By Deeba Ahmed According to Thailand’s legal rights watchdog iLaw, the Pegasus spyware was used during street protests in 2020-2021, where Thai… This is a post from HackRead.com Read the original post: iPhones of Activists in Thailand Hacked by Israeli Pegasus Spyware

CVE-2021-22131: Fortiguard

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

CVE-2022-23745: Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and services

A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information.

Google Boots Multiple Malware-laced Android Apps from Marketplace

Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.

CVE-2022-26482: Security Center

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.