Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum...
OSINT
A Comprehensive Guide to Finding Service Accounts in Active Directory
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they...
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way...
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as...
CVE Alert: CVE-2024-8625
Vulnerability Summary: CVE-2024-8625 The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it...
CVE Alert: CVE-2024-43945
Vulnerability Summary: CVE-2024-43945 Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from...
CVE Alert: CVE-2024-10202
Vulnerability Summary: CVE-2024-10202 Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges...
CVE Alert: CVE-2024-47328
Vulnerability Summary: CVE-2024-47328 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By...
CVE Alert: CVE-2024-10200
Vulnerability Summary: CVE-2024-10200 Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this...
CVE Alert: CVE-2024-49273
Vulnerability Summary: CVE-2024-49273 Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3. Affected Endpoints:...
CVE Alert: CVE-2024-6519
Vulnerability Summary: CVE-2024-6519 A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can...
CVE Alert: CVE-2024-49293
Vulnerability Summary: CVE-2024-49293 Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects...
CVE Alert: CVE-2024-48231
Vulnerability Summary: CVE-2024-48231 Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php....
CVE Alert: CVE-2024-49321
Vulnerability Summary: CVE-2024-49321 Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels.This...
[MEDUSA] – Ransomware Victim: American Mechanical, inc
Ransomware Group: MEDUSA VICTIM NAME: American Mechanical, inc NOTE: No files or stolen information are by RedPacket Security. Any legal...
[MEDUSA] – Ransomware Victim: Automha
Ransomware Group: MEDUSA VICTIM NAME: Automha NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[MEDUSA] – Ransomware Victim: American Medical Billing
Ransomware Group: MEDUSA VICTIM NAME: American Medical Billing NOTE: No files or stolen information are by RedPacket Security. Any legal...
[RANSOMHUB] – Ransomware Victim: mauguio-carnon[.]com
Ransomware Group: RANSOMHUB VICTIM NAME: mauguio-carnoncom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[RANSOMHUB] – Ransomware Victim: donbosco-landser[.]net
Ransomware Group: RANSOMHUB VICTIM NAME: donbosco-landsernet NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its...
CVE Alert: CVE-2024-46239
Vulnerability Summary: CVE-2024-46239 Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php...
CVE Alert: CVE-2024-46238
Vulnerability Summary: CVE-2024-46238 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter...
CVE Alert: CVE-2024-8305
Vulnerability Summary: CVE-2024-8305 prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where...
CVE Alert: CVE-2024-48709
Vulnerability Summary: CVE-2024-48709 CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in...
