Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly

TALOS
Open in Source
#sql#web#ios#mac#windows#google#microsoft#cisco#js#git#java#php#perl#pdf#auth#ssl
GHSA-p3rv-qj56-2fqx: Cross-site Scripting in Pyhtml2pdf

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

GHSA-3jcv-5f9p-2f2p: Cross-site Scripting in electron-pdf

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

Russian Hackers Hit Mail Servers in Europe for Political and Military Intel

By Deeba Ahmed Email servers compromised in 80 organizations as Russian-linked TAG-70 group targets European governments. This is a post from HackRead.com Read the original post: Russian Hackers Hit Mail Servers in Europe for Political and Military Intel

SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds

By Deeba Ahmed From Banking Apps to Crypto Wallets: SpyNote Malware Evolves for Financial Gain. This is a post from HackRead.com Read the original post: SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds

Israeli NSO Group Suspected of “MMS Fingerprint” Attack on WhatsApp

By Waqas The latest report from Swedish telecom security firm Enea sheds light on security vulnerabilities within the widely used messaging platform, WhatsApp. This is a post from HackRead.com Read the original post: Israeli NSO Group Suspected of “MMS Fingerprint” Attack on WhatsApp

Ivanti VPN Flaws Exploited by DSLog Backdoor and Crypto Miners

By Deeba Ahmed Ivanti has released patches for vulnerabilities found in its enterprise VPN appliances, including two flagged as exploited zero-days… This is a post from HackRead.com Read the original post: Ivanti VPN Flaws Exploited by DSLog Backdoor and Crypto Miners

Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions

By Owais Sultan Beneath the surface of those analytical gear lies a crucial element that regularly shapes the future of investments… This is a post from HackRead.com Read the original post: Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions

Data Breach Affects 66,000 in SIM-Swapping Attacks on US Insurance Giants

By Waqas The data breach targeted insurance giants Washington National Insurance Company and Bankers Life and Casualty Company. This is a post from HackRead.com Read the original post: Data Breach Affects 66,000 in SIM-Swapping Attacks on US Insurance Giants

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer