Year: 2023

New ‘Bad Magic’ Cyber Threat Disrupts Ukraine’s Key Sectors Amid War

March 22, 2023

Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have...

ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

March 22, 2023

The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to...

NAPLISTENER: New Malware in REF2924 Group’s Arsenal for Bypassing Detection

March 22, 2023

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in...

Preventing Insider Threats in Your Active Directory

March 22, 2023

Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes...

LockBit 3.0 Ransomware Victim: mangiainc[.]com

March 22, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: cabinet-paillet[.]fr

March 22, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: kaycan[.]com

March 22, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Discourse denial of service | CVE-2023-28107

March 22, 2023

NAME__________Discourse denial of servicePlatforms Affected:Risk Level:4.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Discourse is vulnerable to a denial of service, caused by improper allocation...

silverstripe/graphql denial of service | CVE-2023-28104

March 22, 2023

NAME__________silverstripe/graphql denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________silverstripe/graphql is vulnerable to a denial of service, caused by a flaw...

Discourse server-side request forgery | CVE-2023-28111

March 22, 2023

NAME__________Discourse server-side request forgeryPlatforms Affected:Risk Level:5.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Discourse is vulnerable to server-side request forgery, caused by a flaw in the...

RockOA file upload | CVE-2023-1501

March 22, 2023

NAME__________RockOA file uploadPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________RockOA could allow a remote authenticated attacker to upload arbitrary files, caused by improper...

Discourse cross-site scripting | CVE-2023-26040

March 22, 2023

NAME__________Discourse cross-site scriptingPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Discourse is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...

svg-sanitizer cross-site scripting | CVE-2023-28426

March 22, 2023

NAME__________svg-sanitizer cross-site scriptingPlatforms Affected:svg-sanitizer svg-sanitizer 0.15.4Risk Level:5.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________svg-sanitizer is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Discourse information disclosure | CVE-2023-23622

March 22, 2023

NAME__________Discourse information disclosurePlatforms Affected:Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Discourse could allow a remote attacker to obtain sensitive information, caused by a flaw...

Discourse server-side request forgery | CVE-2023-28112

March 22, 2023

NAME__________Discourse server-side request forgeryPlatforms Affected:Risk Level:5.9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Discourse is vulnerable to server-side request forgery, caused by a flaw in the...

Pimcore cross-site scripting | CVE-2023-28429

March 22, 2023

NAME__________Pimcore cross-site scriptingPlatforms Affected:Pimcore Pimcore 10.5.18Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Pimcore is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

RapidLoad Power-Up for Autoptimize Plugin for WordPress cross-site request forgery | CVE-2023-1472

March 22, 2023

NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:6.3Exploitability:UnprovenConsequences:Gain...

Simple Art Gallery cross-site scripting | CVE-2023-1500

March 22, 2023

NAME__________Simple Art Gallery cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Simple Art Gallery is vulnerable to cross-site scripting, caused by improper validation...

Discourse cross-site scripting | CVE-2023-25172

March 22, 2023

NAME__________Discourse cross-site scriptingPlatforms Affected:Risk Level:4.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Discourse is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...

GoToWP Plugin for WordPress cross-site scripting | CVE-2023-0369

March 22, 2023

NAME__________GoToWP Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress GoToWP Plugin for WordPress 5.1.1Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________GoToWP Plugin for WordPress is vulnerable...

Human Resource Management System /hrm/controller/login.php SQL injection |

March 22, 2023

NAME__________Human Resource Management System /hrm/controller/login.php SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Human Resource Management System is vulnerable to SQL injection. A...

Camera slideshow Plugin for WordPress cross-site scripting | CVE-2023-22682

March 22, 2023

NAME__________Camera slideshow Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Camera slideshow Plugin for WordPress 1.4.0.1Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Camera slideshow Plugin for...

WP htpasswd Plugin for WordPress cross-site scripting | CVE-2023-25064

March 22, 2023

NAME__________WP htpasswd Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP htpasswd Plugin for WordPress 1.7Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP htpasswd Plugin for...

David Gwyer Admin Log Plugin for WordPress cross-site request forgery | CVE-2023-23721

March 22, 2023

NAME__________David Gwyer Admin Log Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Admin Log Plugin for WordPress 1.50Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________David...

Year: 2023

New ‘Bad Magic’ Cyber Threat Disrupts Ukraine’s Key Sectors Amid War

ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

NAPLISTENER: New Malware in REF2924 Group’s Arsenal for Bypassing Detection

Preventing Insider Threats in Your Active Directory

LockBit 3.0 Ransomware Victim: mangiainc[.]com

LockBit 3.0 Ransomware Victim: cabinet-paillet[.]fr

LockBit 3.0 Ransomware Victim: kaycan[.]com

Discourse denial of service | CVE-2023-28107

silverstripe/graphql denial of service | CVE-2023-28104

Discourse server-side request forgery | CVE-2023-28111

RockOA file upload | CVE-2023-1501

Discourse cross-site scripting | CVE-2023-26040

svg-sanitizer cross-site scripting | CVE-2023-28426

Discourse information disclosure | CVE-2023-23622

Discourse server-side request forgery | CVE-2023-28112

Pimcore cross-site scripting | CVE-2023-28429

RapidLoad Power-Up for Autoptimize Plugin for WordPress cross-site request forgery | CVE-2023-1472

Simple Art Gallery cross-site scripting | CVE-2023-1500

Discourse cross-site scripting | CVE-2023-25172

GoToWP Plugin for WordPress cross-site scripting | CVE-2023-0369

Human Resource Management System /hrm/controller/login.php SQL injection |

Camera slideshow Plugin for WordPress cross-site scripting | CVE-2023-22682

WP htpasswd Plugin for WordPress cross-site scripting | CVE-2023-25064

David Gwyer Admin Log Plugin for WordPress cross-site request forgery | CVE-2023-23721

[RANSOMHUB] – Ransomware Victim: www[.]americanstandard-us[.]com

[SPACEBEARS] – Ransomware Victim: Christian Community Aid

[CLOP] – Ransomware Victim: JOMARSOFTCORP[.]COM

Microsoft Monthly Security Update (October 2024)

CVE Alert: CVE-2025-21566

You may have missed