Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Smishing Triad: The Scam Group Stealing the World’s Riches

Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations—and quickly innovating.

Wired
Open in Source
#web#android#apple#google#git#perl#auth#jira
Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Malwarebytes has been rewarded with prestigious accolades by two renowned publications, PCMag and CNET.

Data Breach at Planned Parenthood Lab Partner Exposes Info of 1.6M

Data breach at Laboratory Services Cooperative (LSC) exposed the sensitive health and personal information of 1.6 million individuals…

Morocco Investigates Social Security Agency Data Leak

A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.

Homeland Security Email Tells a US Citizen to 'Immediately' Self-Deport

An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to—and who actually received it—is far from clear.

GHSA-f87w-3j5w-v58p: CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) https://nvd.nist.gov/vuln/detail/CVE-2025-2783 https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html https://issues.chromium.org/issues/405143032

GHSA-vrq4-9hc3-cgp7: TigerVNC accessible via the network and not just via a UNIX socket as intended

## Summary `jupyter-remote-desktop-proxy` was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by `jupyter-remote-desktop-proxy` were still accessible via the network. This vulnerability does not affect users having TurboVNC as the `vncserver` executable. ## Credits This vulnerability was identified by Arne Gottwald at University of Göttingen and analyzed, reported, and reviewed by @frejanordsiek.

GHSA-m454-3xv7-qj85: CVE-2025-1386- Query smuggling in ch-go library

### Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. ### Patches If you are using ch-go library, we recommend you to update to at least version 0.65.0. ### Credit This issue was found by lixts and reported through our bugcrowd program.

GHSA-2xm2-23ff-p8ww: Formie has XSS vulnerability for email notification content for preview

### Impact It is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. ### Patches This has been fixed in Formie 2.1.44. Users should ensure they are running at least this version.

Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing

Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…