Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Cybersecurity Risks in Crypto: Phishing, Ransomware and Other Emerging Threats

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your…

HackRead
Open in Source
#vulnerability#web#ios#git#auth#zero_day#wifi
Massive breach at location data seller: “Millions” of users affected

Data broker Gravy Analytics that collects location data and sells it to the US government has been breached.

GroupGreeting e-card site attacked in “zqxq” campaign 

This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes Malwarebytes recently uncovered...

Thousands of Live Hacker Backdoors Found in Expired Domains

SUMMARY Cybersecurity researchers at watchTowr have identified over 4,000 live hacker backdoors, exploiting abandoned infrastructure and expired domains.…

The School Shootings Were Fake. The Terror Was Real

The inside story of the teenager whose “swatting” calls sent armed police racing into hundreds of schools nationwide—and the private detective who tracked him down.

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Ransomware isn’t slowing down—it’s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join

GHSA-7rgp-4j56-fm79: Mattermost has Improper Check for Unusual or Exceptional Conditions

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.

GHSA-6gf2-ffq8-gcww: GHSL-2024-288: SickChill open redirect in login

SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.

About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability

About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability. Apache Struts is an open source software framework for building Java web applications. It allows developers to separate the application’s business logic from the user interface. Due to its scalability and flexibility, Apache Struts is often used in large enterprise projects. A security bulletin describing the […]