New ruby packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ruby-3.0.7-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Arbitrary memory address read vulnerability with Regex...
AI Score 6.5
UnitedHealth Group has given an update on the February cyberattack on Change Healthcare, one of its subsidiaries. In the update, the company revealed the scale of the breach, saying: “Based on initial targeted data sampling to date, the company has found files containing protected health...
AI Score 7.5
Slackware Linux 15.0 / current freerdp Vulnerability (SSA:2024-113-01)
The version of freerdp installed on the remote host is prior to 2.11.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-113-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
AI Score 7.2
Exploit for Improper Ownership Management in Linux Linux Kernel
Install the build environment (bash): `sudo apt install -y gcc libfuse-dev...`
CVSS 7.8 | AI Score 6.6 | EPSS 0.0004
New freerdp packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/freerdp-2.11.7-i586-1_slack15.0.txz: Upgraded. This release eliminates a bunch of issues detected during oss-fuzz runs. (...
AI Score 7.4
Billions of scraped Discord messages up for sale
Four billion public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn't seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard...
AI Score 6.8
New freerdp packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/freerdp-2.11.6-i586-1_slack15.0.txz: Upgraded. This release is a security release and addresses multiple issues: [Low] OutOfBound...
CVSS 9.8 | AI Score 7.2 | EPSS 0.0004
Slackware Linux 15.0 / current freerdp Multiple Vulnerabilities (SSA:2024-110-01)
The version of freerdp installed on the remote host is prior to 2.11.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-110-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...
CVSS 9.8 | AI Score 9.3 | EPSS 0.0004
New glibc packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-6_slack15.0.txz: Rebuilt. This update fixes a...
AI Score 7.5 | EPSS 0.0005
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...
AI Score 7.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...
CVSS 8.6 | AI Score 8.5 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...
CVSS 8.6 | AI Score 8.3 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...
CVSS 8.6 | AI Score 8.7 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...
CVSS 8.6 | AI Score 6.7 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS. This issue affects EnvíaloSimple: from n/a through...
CVSS 7.1 | AI Score 6.8 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS. This issue affects EnvíaloSimple: from n/a through...
CVSS 7.1 | AI Score 6.9 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS. This issue affects EnvíaloSimple: from n/a through...
CVSS 7.1 | AI Score 7.1 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS. This issue affects EnvíaloSimple: from n/a through...
CVSS 7.1 | AI Score 6.9 | EPSS 0.0004
Slackware Linux 15.0 / current aaa_glibc-solibs Vulnerability (SSA:2024-109-01)
The version of aaa_glibc-solibs installed on the remote host is prior to 2.33 / 2.39. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-109-01 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by...
AI Score 7.7 | EPSS 0.0005
Ungallery <= 2.2.4 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
AI Score 5.9 | EPSS 0.0004
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1322-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1322-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
CVSS 7.8 | AI Score 8.4
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. ...
AI Score 7.4
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...
AI Score 7
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2024-108-01)
The version of mozilla-thunderbird installed on the remote host is prior to 115.10.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-108-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
AI Score 7.2
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For...
AI Score 6.6 | EPSS 0.0004
Giant Tiger breach sees 2.8 million records leaked
Someone has posted a database of over 2.8 million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. When asked, they posted a small snippet as proof. The download of the full database is practically free for other active members of...
AI Score 7.2
This repo is made to reproduce the fuzzing and analysis process of...
CVSS 5.5 | AI Score 6 | EPSS 0.0004
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-107-01)
The version of mozilla-firefox installed on the remote host is prior to 115.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-107-01 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable ...
AI Score 7.3 | EPSS 0.0004
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I...
AI Score 6.7
Exploit for Command Injection in Paloaltonetworks Pan-Os
Vulnerability CVE-2024-3400 Description The...
CVSS 10 | AI Score 9.8 | EPSS 0.957
New less packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/less-653-i586-1_slack15.0.txz: Upgraded. This update patches a security issue: less through 653 allows OS command execution via a...
AI Score 7.5 | EPSS 0.0004
Slackware Linux 15.0 / current less Vulnerability (SSA:2024-105-01)
The version of less installed on the remote host is prior to 653. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-105-01 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in...
AI Score 7.4 | EPSS 0.0004
Updated rear packages fix security vulnerability
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root....
CVSS 5.5 | AI Score 7.3 | EPSS 0.0004
Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...
CVSS 8 | AI Score 7.6
New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.28-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection via array-ish $command parameter of...
CVSS 9.4 | AI Score 10 | EPSS 0.006
How to change your Social Security Number
After seeing their Social Security Number (SSN) leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN. The good news is that even though it's a challenging process, it is possible. But if you've ever had to abandon an email address that you used for years, ...
AI Score 6.8
Slackware Linux 15.0 / current php81 Multiple Vulnerabilities (SSA:2024-103-01)
The version of php81 installed on the remote host is prior to 8.1.28 / 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-103-01 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...
CVSS 9.4 | AI Score 8.9 | EPSS 0.006
How to check if your data was exposed in the AT&T breach
AT&T has notified US state authorities and regulators about its recent (or not) data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data...
AI Score 7.1
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
CVSS 9.9 | AI Score 9.8 | EPSS 0.082