Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution

WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities. Versions prior to 6.3.2 are vulnerable.

Packet Storm
Open in Source
#sql#xss#vulnerability#web#dos#java#wordpress#intel#backdoor#rce#auth
CVE-2023-4995: Embed Calendly <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to bypass common defense strategies effectively.  This article will cover just some of those new developments in Q3-2023 as well as give predictions on quarters to

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's

Top resources for Cybersecurity Awareness Month

Plus, many of the world’s largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.

LinkedIn Phishing Scam Exploits Smart Links to Steal Microsoft Accounts

By Deeba Ahmed LinkedIn and Microsoft users, watch out for this phishing scam! This is a post from HackRead.com Read the original post: LinkedIn Phishing Scam Exploits Smart Links to Steal Microsoft Accounts

CVE-2023-25774: TALOS-2023-1743 || Cisco Talos Intelligence Group

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CVE-2023-32275: TALOS-2023-1753 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.