Aggregator

申请人应在2025年10月9日前将指南建议书电子版发送

A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign hosted on cc-analytics[.]com. Subsequent analysis revealed a heavily obfuscated script that hooks into checkout fields, collects credit card and billing […]

The post New Magecart Attack Injects Malicious JavaScript to Steal Payment Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Microsoft Outlook 2003. It has been rated as problematic. This affects an unknown part of the component HTML Mail Reply Handler. Performing manipulation results in improper privilege management. This vulnerability is identified as CVE-2004-0502. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended that the affected component be replaced with an alternative.

A vulnerability was found in Microsoft Outlook 2003. It has been classified as critical. This issue affects some unknown processing of the component Access Restriction. Performing manipulation of the argument src results in improper privilege management. This vulnerability is known as CVE-2004-0501. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Microsoft Outlook 2002/XP and classified as critical. Affected by this vulnerability is an unknown functionality of the component mailto Handler. Executing manipulation with the input " can lead to basic cross site scripting. This vulnerability is registered as CVE-2004-0121. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in Microsoft Internet Explorer 6. It has been declared as critical. Affected by this issue is some unknown functionality of the component HTML Link Table Handler. Executing manipulation can lead to authentication bypass by spoofing. This vulnerability appears as CVE-2004-1104. The attack may be performed from remote. In addition, an exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Internet Explorer. It has been rated as very critical. This affects an unknown part of the component IFRAME Handler. The manipulation of the argument src/name leads to heap-based buffer overflow. This vulnerability is traded as CVE-2004-1050. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to replace the affected component with an alternative.

Submit #650792 / VDB-324662

Microsoft's Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact.

Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting the operation’s technical infrastructure and cutting off criminals’ access to victims,” announced Steven Masada, Assistant General Counsel at Microsoft’s Digital Crimes Unit (DCU). Who is behind RaccoonO365? RaccoonO365 (aka Storm-2246) sold pre-packaged, subscription-based phishing kits, … More →

The post Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader appeared first on Help Net Security.

Jamf Pro通过Blueprints使用DDM声明管理macOS Tahoe的Safari设置，包括禁止清除历史记录和私密浏览功能。这些设置仅适用于MDM管理用户，需手动配置Blueprints并部署到目标设备。

A vulnerability classified as problematic was found in itsourcecode Online Petshop Management System 1.0. The affected element is an unknown function of the file availableframe.php of the component Admin Dashboard. The manipulation of the argument name/address results in cross site scripting. This vulnerability is known as CVE-2025-10632. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in itsourcecode Online Petshop Management System 1.0. Impacted is an unknown function of the file addcnp.php of the component Available Products Page. The manipulation of the argument name/description leads to cross site scripting. This vulnerability is traded as CVE-2025-10631. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Oliver Steadman被指控参与针对西敏斯特政客、官员和记者的WhatsApp“蜜罐”行动，涉嫌发送挑逗性信息以获取照片。警方调查发现其行为涉及敲诈勒索和滥用通信网络。Steadman面临多项指控，并已暂停工党成员资格。

A vulnerability described as critical has been identified in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2025-10629. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as critical has been reported in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2025-10628. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #650676 / VDB-324661

Submit #650675 / VDB-324660

Submit #650660 / VDB-324659

Submit #650656 / VDB-324658