-
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year
-
Embargo ransomware: Rock’n’Rust
Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit
-
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)
“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship
-
Google Voice scams: What are they and how do I avoid them?
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers
-
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes
Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details
-
GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities
-
CVE-2025-0195 – Code-Projects Point of Sales and Inventory Management System SQL Injection
CVE ID : CVE-2025-0195 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/del_product.php. The manipulation of the argument id leads…
-
CVE-2024-56410 – “PhpSpreadsheet Custom Properties XSS”
CVE ID : CVE-2024-56410 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0,…
-
CVE-2024-56411 – PhpSpreadsheet XSS in Hyperlink Base
CVE ID : CVE-2024-56411 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed…
-
CVE-2024-56412 – PhpSpreadsheet Cross-Site Scripting (XSS) Bypass Vulnerability
CVE ID : CVE-2024-56412 Published : Jan. 3, 2025, 6:15 p.m. | 45 minutes ago Description : PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use…