Security
Headlines

Tag

#google

CVE-2023-0357: GitHub - helpyio/helpy: Helpy is a modern, open source helpdesk customer support application. Features include knowledgebase, community discussions and support tickets integrated with email.

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit a stored XSS vulnerability in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.

CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture

Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.

CVE-2023-1823: Stable Channel Update for Desktop

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnSecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly stolen data.

ChatGPT Has a Big Privacy Problem

Italy’s recent ban of OpenAI’s generative text tool may just be the beginning of ChatGPT's regulatory woes.

CVE-2020-19698: XSS vulnerability found via <script> src attribute · Issue #700 · pandao/editor.md

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency

Chromium-based web browsers are the target of a new malware called Rilide that masquerades as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots,

CVE-2023-23878: WordPress WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities

The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.

Think Before You Share the Link: SaaS in the Real World

Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace’s homepage. It can be found six times on Microsoft 365’s homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are ‘collaboration’ will appear as part of the app’s key selling point. By sitting on the cloud, content within