CVE-2023-0551
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such...
CVE-2023-0274
The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where...
CVE-2023-0058
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping,...
CVE-2022-4782
The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low...
USN-6292-1: Ceph vulnerability
It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.
How to Spot Fake News in Your Social Media Feed
Spotting fake news in your feed has always been tough. Now it just got tougher, thanks to AI. Fake news crops up in plenty of...
UK Electoral Commission Hacked
The UK Electoral Commission discovered last year that it was hacked the year before. That’s fourteen months between the hack and the discovery. It doesn’t...
ProxyNation: The dark nexus between proxy apps and malware
Executive summary: AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. A company is charging for...
Stories from the SOC – Unveiling the stealthy tactics of Aukill malware
Executive summary: On April 21st, 2023, AT&T Managed Extended Detection and Response (MXDR) investigated an attempted ransomware attack on one of our clients, a home improvement...
GitPython-3.1.18-2.el8
FEDORA-EPEL-2023-9a26de25cf. Packages in this update: GitPython-3.1.18-2.el8. Update description: Backport a patch to fully fix CVE-2022-24439.