Two account compromise flaws fixed in Strapi headless CMS

Read Time:34 Second

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised.

According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher privileged account, such as the administrator. This means attackers need to gain access to a low-privileged account first and this can be achieved via compromised credentials, phishing or other methods.

To read this article in full, please click here

Microsoft Reports 92% Adoption Rate for Phishing-Resistant MFA Among Corporate Users

Android Improves Its Security

SuperCard X Enables Contactless ATM Fraud in Real-Time

Billbug Espionage Group Deploys New Tools in Southeast Asia

New Cryptojacking Malware Targets Docker with Novel Mining Technique

The AI Fix #47: An AI is the best computer programmer in the world

Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily

$40bn Southeast Asian Scam Sector Growing “Like a Cancer”

Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos