Aggregator

Operation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams.

The post Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa appeared first on CyberScoop.

A threat actor claims to be publishing additional databases tied to Indonesian Professional Certification Institutes (LSP), alleging that more than 20 LSP datasets have been obtained and are being released as part of an ongoing extortion-driven leak campaign.

A threat actor claims to have leaked a database tied to Dinas Penanaman Modal dan Pelayanan Terpadu Satu Pintu Kabupaten Belu (DPMPTSP), the Indonesian local government agency responsible for investment services and integrated business licensing in Belu Regency.

Currently trending CVE - Hype Score: 5 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Currently trending CVE - Hype Score: 33 - Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, ...

Currently trending CVE - Hype Score: 1 - In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via ...

Currently trending CVE - Hype Score: 10 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 6 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) ...

Currently trending CVE - Hype Score: 8 - An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length ...

Currently trending CVE - Hype Score: 5

Currently trending CVE - Hype Score: 5 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one ...

Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker ...

Currently trending CVE - Hype Score: 5 - In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths ...

On Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.

The newly discovered Reaper malware bypasses Apple's macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor.

A vulnerability, which was classified as critical, has been found in gravitl netmaker up to 0.8.4/0.9.3. This affects an unknown function. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is referenced as CVE-2022-0664. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Netmaker up to 0.8.4/0.9.3. It has been classified as critical. This affects an unknown function. Performing a manipulation results in use of hard-coded cryptographic key . This vulnerability was named CVE-2022-23650. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.