Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps

Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week. "The

The Hacker News
Open in Source
#web#android#mac#google#git#samsung#auth#chrome#The Hacker News
Fake Ads Manager Software and Malicious Extensions Target Facebook Accounts

By Deeba Ahmed The attack's perpetrators are Vietnamese, as confirmed by Malwarebytes. This is a post from HackRead.com Read the original post: Fake Ads Manager Software and Malicious Extensions Target Facebook Accounts

Google Removes Swing VPN Android App Exposed as DDoS Botnet

By Waqas The developer behind the malicious app, Limestone Software Solutions, has also been banned from the Google Play Store. This is a post from HackRead.com Read the original post: Google Removes Swing VPN Android App Exposed as DDoS Botnet

CVE-2023-36888

Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

CVE-2023-36887

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2023-38286: GitHub - p1n93r/SpringBootAdmin-thymeleaf-SSTI: SpringBootAdmin-thymeleaf-SSTI which can cause RCE

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe

By Habiba Rashid Due to privacy concerns, Meta has not yet released the Threads app in EU countries, creating a loophole for criminals to upload fake versions of the app. This is a post from HackRead.com Read the original post: Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe

CVE-2023-37743: Teacher Subject Allocation Management System in PHP | Teacher Subject Allocation Management Project

A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.

CVE-2023-37745: Maid Hiring Management System | Maid Hiring Management Project in PHP

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware

In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.