Security
Headlines
HeadlinesLatestCVEs

Tag

#google

httpdx 1.5.4 Denial Of Service

httpdx version 1.5.4 remote denial of service exploit.

Packet Storm
Open in Source
#vulnerability#web#windows#google#dos#git#perl#auth
23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits

Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

GHSA-733r-8xcp-w9mr: Flarum's logout Route allows open redirects

### Impact The Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. Sample: `example.com/logout?return=https://google.com`. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. Some ecosystem extensions modifying the logout route have already been affected. Sample: https://discuss.flarum.org/d/22229-premium-wordpress-integration/526 ### Patches The vulnerability has been fixed and published as flarum/core v1.8.5. All communities running Flarum should upgrade as soon as possible to v1.8.5 using: `composer update --prefer-dist --no-dev -a -W` You can then confirm you run the latest version using: `composer show flarum/core` ### Workarounds Some extensions modifying the logout route can remedy this issue if their im...

Easy Chat Server 3.1 Denial Of Service

Easy Chat Server version 3.1 suffers from a denial of service vulnerability.

How to Be More Anonymous Online

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Easy File Sharing FTP Server 2.0 Denial Of Service

Easy File Sharing FTP Server version 2.0 suffers from a denial of service vulnerability.

CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library

By Waqas CISA Urges Swift Action as Two Critical Vulnerabilities Emerge. This is a post from HackRead.com Read the original post: CISA Warns of Exploited Vulnerabilities in Chrome and Excel Parsing Library

X Account of Google Cybersecurity Firm Mandiant Hacked in Crypto Scam

By Waqas The hackers changed Mandiant's Twitter handle from "@Mandiant" to "@phantomsolw." This is a post from HackRead.com Read the original post: X Account of Google Cybersecurity Firm Mandiant Hacked in Crypto Scam

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in

Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@