Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign

Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play out in waves once every few weeks. "This campaign is easily identified

The Hacker News
Open in Source
#vulnerability#web#linux#js#git#java#wordpress#php#backdoor#The Hacker News
CVE-2021-45985: Lua: bugs

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

RHSA-2023:1677: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update batch#5 (oVirt-4.5.3-5)

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, ...

CVE-2023-27727: SEGV src/njs_function.h:155:9 in njs_function_frame · Issue #617 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.

CVE-2023-27728: SEGV src/njs_json.c in njs_dump_is_recursive · Issue #618 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

CVE-2023-27729: illegal memcpy during njs_vmcode_return in src/njs_vmcode.c · Issue #619 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.

CVE-2023-27730: SEGV src/njs_lvlhsh.c:176:16 in njs_lvlhsh_find · Issue #615 · nginx/njs

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.

How to Create a Mobile Application for Android OS Step by Step?

By Owais Sultan Android OS is available on 3.3 billion devices in 190 countries across the globe, making Android app development… This is a post from HackRead.com Read the original post: How to Create a Mobile Application for Android OS Step by Step?

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from South Korea-based KAIST WSP Lab on April 6, 2023, prompting vm2 to release a fix with version 3.9.15 on

Threat Roundup for March 31 to April 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 31 and April 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key