TP-Link Smart Bulb Spills Wi-Fi Passwords
Security researchers from Italy and London have discovered several vulnerabilities in a popular brand of smart light bulbs, which could...
Year: 2023
Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset
Cybersecurity researchers from ESET have uncovered a malicious toolset named Spacecolon that has been deployed to spread variants of the...
Doubling of Identity Theft Victims With Suicidal Thoughts
Some 16% of American identity theft victims have had suicidal thoughts following their experiences, up from just 8% in 2020,...
Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks
Check Point Research has released its 2023 Mid-Year Security Report. The research reveals a concerning 8% surge in global weekly...
WinRAR Vulnerability Affects Traders Worldwide
Cybersecurity researchers have exposed a zero-day vulnerability (CVE-2023-38831) in the popular WinRAR compression tool, which cyber-criminals have exploited to target...
XLoader MacOS Malware Variant Returns With OfficeNote Facade
The notorious XLoader malware has resurfaced, posing as a seemingly innocuous office productivity app named “OfficeNote.”Known for its malicious activities...
Duolingo – 2,676,696 breached accounts
HIBP In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained...
US-CERT Vulnerability Summary for the Week of August 14, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infofoldingathome -- client_advanced_controlAn issue was discovered in FoldingAtHome Client Advanced Control GUI...
Evil QR – Proof-of-concept To Demonstrate Dynamic QR Swap Phishing Attacks In Practice
Toolkit demonstrating another approach of a QRLJacking attack, allowing to perform remote account takeover, through sign-in QR code phishing. It...
Meta Set to Enable Default End-to-End Encryption on Messenger by Year End
Meta has once again reaffirmed its plans to roll out support for end-to-end encryption (E2EE) by default for one-to-one friends...
North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
The U.S. Federal Bureau of Investigation (FBI) on Tuesday warned that threat actors affiliated with North Korea may attempt to...
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11,...
Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab...
Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware
A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs...
TPLink Smart bulb Tapo series L530 and Tapo Application information disclosure | CVE-2023-38906
NAME__________TPLink Smart bulb Tapo series L530 and Tapo Application information disclosurePlatforms Affected:TPLink Smart bulb Tapo series L530 1.0.0 TPLink Tapo...
IBM Robotic Process Automation information disclosure | CVE-2023-40370
NAME__________IBM Robotic Process Automation information disclosurePlatforms Affected:IBM Robotic Process Automation 21.0.0 IBM Robotic Process Automation 21.0.7.1Risk Level:3.7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________IBM Robotic...
TPLink Smart bulb Tapo series L530 and Tapo Application information disclosure | CVE-2023-38909
NAME__________TPLink Smart bulb Tapo series L530 and Tapo Application information disclosurePlatforms Affected:TPLink Smart bulb Tapo series L530 1.0.0 TPLink Tapo...
Puma HTTP request smuggling | CVE-2023-40175
NAME__________Puma HTTP request smugglingPlatforms Affected:Puma Puma 5.6.6 Puma Puma 6.3.0Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Puma is vulnerable to HTTP request smuggling, caused...
EnterpriseDB Postgres Advanced Server UTL_ENCODE information disclosure |
NAME__________EnterpriseDB Postgres Advanced Server UTL_ENCODE information disclosurePlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced...
Typora directory traversal | CVE-2023-2316
NAME__________Typora directory traversalPlatforms Affected:Typora Typora 1.6.0 Typora Typora 1.5.0Risk Level:6.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Typora could allow a remote attacker to traverse directories...
TPLink Smart bulb Tapo series L530 and Tapo Application information disclosure | CVE-2023-38908
NAME__________TPLink Smart bulb Tapo series L530 and Tapo Application information disclosurePlatforms Affected:TPLink Smart bulb Tapo series L530 1.0.0 TPLink Tapo...
Veilid denial of service | CVE-2023-40711
NAME__________Veilid denial of servicePlatforms Affected:Veilid Veilid 0.1.8Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Veilid is vulnerable to a denial of service, caused by...
Cockpit cross-site scripting | CVE-2023-4451
NAME__________Cockpit cross-site scriptingPlatforms Affected:Cockpit-HQ Cockpit 2.6.3Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Cockpit is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
IBM Robotic Process Automation privilege escalation | CVE-2023-38734
NAME__________IBM Robotic Process Automation privilege escalationPlatforms Affected:IBM Robotic Process Automation 21.0.0 IBM Robotic Process Automation 23.0.0 IBM Robotic Process Automation...
