The SSPM Justification Kit
SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations...
Vulnerability Summary: CVE-2024-47068 Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a...
Vulnerability Summary: CVE-2024-34331 A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to...
Vulnerability Summary: CVE-2024-47066 Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection...
Vulnerability Summary: CVE-2024-46985 DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML...
Vulnerability Summary: CVE-2024-46997 DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve...
Vulnerability Summary: CVE-2024-47069 Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS and allows a...
Vulnerability Summary: CVE-2024-0003 A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to...
Vulnerability Summary: CVE-2024-0004 A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands...
Vulnerability Summary: CVE-2023-46948 A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote...
Vulnerability Summary: CVE-2024-9014 pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows...
Ransomware Group: CICADA3301 VICTIM NAME: Model Engineering NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone...
Vulnerability Summary: CVE-2024-0002 A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access...
Vulnerability Summary: CVE-2024-39342 Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses...
Vulnerability Summary: CVE-2024-39843 A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command...
Vulnerability Summary: CVE-2024-0005 A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely...
Vulnerability Summary: CVE-2024-0001 A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active...
Vulnerability Summary: CVE-2024-46639 A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML...
Vulnerability Summary: CVE-2024-44540 Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain a privileged command...
Vulnerability Summary: CVE-2024-43201 The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail...
Vulnerability Summary: CVE-2024-39842 A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command...
Vulnerability Summary: CVE-2024-37779 WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the...
HIBP In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of...