Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-83fp-hh9m-c2jq: Piranha has stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.

ghsa
Open in Source
#xss#vulnerability#web#auth
GHSA-54mj-vcvj-q3v5: Umbraco CMS has an arbitrary file upload vulnerability

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail," has been downloaded over 56,000 times since it was first uploaded to the registry by a user named "

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Kaspersky warns of 'Frogblight,' a new Android malware draining bank accounts in Turkiye. Learn how this 'court case' scam steals your data and how to stay safe.

Pornhub tells users to expect sextortion emails after data exposure

Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns.

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan (RAT) to bypass security and control servers globally.

⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can

How to Browse the Web More Sustainably With a Green Browser

As the internet becomes an essential part of daily life, its environmental footprint continues to grow.  Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy consumption and digital waste. While individual users may not see this impact directly, the collective effect of everyday browsing is significant. Choosing a browser designed with

Insider Threat: Hackers Paying Company Insiders to Bypass Security

A new report from Check Point Research reveals a growing trend of cyber criminals recruiting employees at banks, telecoms, and tech giants. Learn how hackers use the darknet and Telegram to offer payouts up to $15,000 for internal access to companies like Apple, Coinbase, and the Federal Reserve.

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deploy