Aggregator

CVE-2002-1795 | Microsoft TSAC Activex Control connect.asp cross site scripting (ID 10836 / XFDB-10342)

Vuldb Updates
2 months ago
A vulnerability was found in Microsoft TSAC Activex Control. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the file connect.asp. Performing manipulation results in basic cross site scripting. This vulnerability is reported as CVE-2002-1795. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

Security Affairs
2 months ago
Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise. Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat […]
Pierluigi Paganini

CVE-2025-55007 | KnowageLabs Knowage-Server up to 8.1.36 server-side request forgery (GHSA-7f6m-ph57-52w6 / EUVD-2025-26348)

VulDB Recent Entries
2 months ago
A vulnerability was found in KnowageLabs Knowage-Server up to 8.1.36. It has been classified as critical. The impacted element is an unknown function. Performing manipulation results in server-side request forgery. This vulnerability is identified as CVE-2025-55007. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-57799 | lemon8866 StreamVault prior 250822 system os command injection (GHSA-qg4r-92hv-g9f4 / EUVD-2025-26347)

VulDB Recent Entries
2 months ago
A vulnerability was found in lemon8866 StreamVault and classified as critical. The affected element is an unknown function. Such manipulation of the argument system leads to os command injection. This vulnerability is referenced as CVE-2025-57799. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

The Hackers News
2 months ago
Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, to also distribute simpler malware such as SMS stealers and basic spyware. These campaigns are propagated via dropper apps masquerading as government or banking apps in India and other parts of Asia, ThreatFabric said in a report
The Hacker News

Wireshark 4.4.9 Released With Fix For Critical Bugs and Updated Protocol Support

Cyber Security News
2 months ago

The Wireshark team has rolled out version 4.4.9, a maintenance release for the world’s most popular network protocol analyzer. This update focuses on stability and reliability, delivering a series of important bug fixes and enhancing support for several existing protocols. The new version is now available for all supported platforms, including Windows, macOS, and Linux. […]

The post Wireshark 4.4.9 Released With Fix For Critical Bugs and Updated Protocol Support appeared first on Cyber Security News.

Guru Baran

Hackers Reportedly Demand Google Fire Two Employees, Threaten Data Leak

Cyber Security News
2 months ago

A group claiming to be a coalition of hackers has reportedly issued an ultimatum to Google, threatening to release the company’s databases unless two of its employees are terminated. The demand, which appeared in a Telegram post, specifically named Austin Larsen and Charles Carmakal, both members of Google’s Threat Intelligence Group. According to a post […]

The post Hackers Reportedly Demand Google Fire Two Employees, Threaten Data Leak appeared first on Cyber Security News.

Guru Baran

Managed ad