Aggregator

Kentico Xperience CMS XSS Vulnerability Allows Remote Code Execution

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
11 months 2 weeks ago

Kentico Xperience CMS, a widely used platform designed for enterprises and organizations, is under scrutiny after a vulnerability chain was discovered that exploits Cross-Site Scripting (XSS) to enable Remote Code Execution (RCE). This vulnerability was disclosed by researchers who demonstrated its potential harm through a detailed proof of concept. CVE-2025-2748: Cross-Site Scripting Vulnerability According to […]

The post Kentico Xperience CMS XSS Vulnerability Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2024-3916 | Swift Framework Plugin up to 2.7.31 on WordPress Shortcode cross site scripting

Vuldb Updates
11 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Swift Framework Plugin up to 2.7.31 on WordPress. This affects an unknown part of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-3916. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-4383 | Simple Membership Plugin up to 4.4.5 on WordPress Shortcode cross site scripting

Vuldb Updates
11 months 2 weeks ago
A vulnerability was found in Simple Membership Plugin up to 4.4.5 on WordPress and classified as problematic. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-4383. The attack may be initiated remotely. There is no exploit available.
vuldb.com

Tax Season Threat Surge 

Security Boulevard
11 months 2 weeks ago

Veriti Research has identified a significant rise in tax-related malware samples across multiple platforms. The research team discovered malware samples targeting Android, Linux, and Windows, all connected to the same adversary operating from a single IP address.  We believe the attacker is running multiple parallel campaigns and using “Malware-as-a-Service” tools to target various platforms simultaneously, […]

The post Tax Season Threat Surge  appeared first on VERITI.

The post Tax Season Threat Surge  appeared first on Security Boulevard.

Veriti Research

LensDeal Data Breach Exposes 100,000 Customers’ Personal Information

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
11 months 2 weeks ago

A major data breach involving LensDeal, a Netherlands-based contact lens supplier, has reportedly exposed the personal information of over 100,000 customers. According to the Cyber Security Hub post, the breach affects 115,096 individuals and includes sensitive details such as full names, birthdates, email addresses, hashed passwords, IP addresses, and in some cases, company details. Some […]

The post LensDeal Data Breach Exposes 100,000 Customers’ Personal Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency

Security Affairs
11 months 2 weeks ago
France fines Apple €150M for abusing its dominance in ATT consent practices on iOS and iPadOS from 2021 to 2023. France’s Autorité de la concurrence fined Apple €150M for abusing its dominance in App Tracking Transparency (ATT) consent practices on iOS and iPadOS between April 26, 2021 and July 25, 2023. Apple launched ATT with […]
Pierluigi Paganini

Managed ad