5 ways threat actors can use ChatGPT to enhance attacks
The Cloud Security Alliance (CSA) has revealed five ways malicious actors can use ChatGPT to enhance their attack toolset in a new report exploring the...
USN-6037-1: Apache Commons Net vulnerability
ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious...
USN-6048-1: ZenLib vulnerability
It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input...
Man Gets Four Years for Stealing Bitcoins Seized by Feds
Individual stole millions subject to forfeiture Read More
Google Bans 173,000 Bad Developers in 2022
Efforts were part of a Google Play fraud and malware crackdown Read More
Piwigo – CVE-2023-26876
Posted by Rodolfo Tavares via Fulldisclosure on Apr 28 =====[ Tempest Security Intelligence - ADV-03/2023 ]========================== Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security...
Re: Checking existence of firewalled URLs via javascript’s script.onload
Posted by Jonathan Gregson via Fulldisclosure on Apr 28 Hi Georgi, As you suggested, this is a CSRF attack. Using such techniques to attack or...
Minecraft Clones with 35 Million Installs Contained Adware
McAfee discovered HiddenAds Trojan inside 38 copycat mobile games Read More
“Ashamed” LockBit ransomware gang apologises to hacked school, offers free decryption tool
Is it possible ransomware gangs actually do have a heart? Read more in my article on the Hot for Security blog. Read More
CVE-2020-4729
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker...