Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Fileless protection explained: Blocking the invisible threat others miss

Your antivirus scans files. But what about attacks that never create files? Here's how we catch the threats hiding on your family's computers.

Malwarebytes
Open in Source
#web#ios#mac#windows#git#java#backdoor#auth
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don't need to be smart; they just need to subscribe to the right AI tool. We are witnessing the industrialization of

7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users

Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.

GHSA-fxp5-37mh-vff5: BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The Rust crate, named "evm-units," was uploaded to crates.io in mid-April 2025 by a user named "ablerust,"

Russia Wants This Mega Missile to Intimidate the West, but It Keeps Crashing

One of Vladimir Putin’s favorite sabers to rattle seems to have lost its edge.

GHSA-mcxq-54f4-mmx5: FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

GHSA-5xw2-57jx-pgjp: GrapesJsBuilder File Upload allows all file uploads

### Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ### Impact If the media folder is not restricted from running files this can lead to a remote code execution.

GHSA-3fq7-c5m8-g86x: Mautic user without privileged access to the Marketplace can install and uninstall composer packages

### Summary A non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ### Impact A low-privileged user of the platform can install malicious code to obtain higher privileges.

Your Data Might Determine How Much You Pay for Eggs

A newly enacted New York law requires retailers to say whether your data influences the price of basic goods like a dozen eggs or toilet paper, but not how.