#web

By Deeba Ahmed Google will delete free Google accounts that have not been signed into for two years and do not have any active subscriptions. This is a post from HackRead.com Read the original post: Google to Delete Inactive Gmail Accounts From Today: What You Need to Know

A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under the CISA's proposal to emphasize real-time attack detection and response.

Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.

WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.

Domain fronting is a technique to hide the true origin of HTTPS requests by hiding the real domain name encrypted inside a legitimate TLS request.

Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever.

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.

The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to