A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects.
That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad
Source: TheHackerNews
Source Link:
https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html| CVE mentions by industry news | |
| Analyzing Tokenizer Part 2: Omen + Tokenizer | |
| Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms | |
| Analyzing JtR’s Tokenizer Attack (Round 1) | |
| Running JtR’s Tokenizer Attack | |
| Threat actor abuses Gophish to deliver new PowerRAT and DCRAT | |
| Crypto-Doubling Scams Surge Following Presidential Debate | |
| USENIX Security 23 – Extending A Hand To Attackers: Browser Privilege Escalation Attacks Via Extensions | |
| Fuzzing C OS protocol stacks, Part 1: HTTP server fuzzing | |
| Vulnerability Summary for the Week of August 19, 2024 | |
| No, not every Social Security number in the U.S. was stolen | |
| Multiple Safie products vulnerable to improper server certificate verification | |
| How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions | |
| Google Warns of Iranian Cyber-Attacks on Presidential Campaigns | |
| The Post-Quantum Cryptography Algorithms are finalized! Now what? | |
| Summer Lovin' or Summer Scammin'? | |
| USENIX Security 23 – V1SCAN: Discovering 1-day Vulnerabilities in Reused C C++ Open-Source Software Components Using Code Classification Techni | |
| Microsoft 365 Phishing Alert Can Be Hidden with CSS | |
| APT Group StormBamboo Attacks ISP Customers Via DNS Poisoning | |
| CSMA Starts with Identity A Comprehensive Approach to Modern Cybersecurity | |
| Partnering With the National Child Protection Task Force | |
| There is no real fix to the security issues recently found in GitHub and other similar software | |
| Evolving development with software composition analysis and software bills of materials | |
| IoT: Internet of Threats? | |
| Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer | |
| USENIX Security 23 – WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate | |
| Phishing Campaigns Abuse Cloud Platforms to Target Latin America | |
| Two Russians Convicted for Role in LockBit Attacks | |
| Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills | |
| Google Lines Up $23bn Swoop For Startup Wiz Security | |
| Palo Alto Networks fixed a critical bug in the Expedition tool | |
| Microsoft s July 2024 Patch Tuesday Addresses 4 Zero-Days, 142 Vulnerabilities | |
| An investigation finds Airbnb fails to protect its guests from hidden cameras and moves swiftly to contain user complaints and resolve them out of cou | |
| USENIX Security 23 – Minimalist: Semi-automated Debloating of PHP Web Applications through Static Analysis | |
| USENIX Security 23 – USENIX Security ’23 – AnimateDead: Debloating Web Applications Using Concolic Execution | |
| Cyber insurance as part of the cyber threat mitigation strategy | |
| Choosing Your Kubernetes Cloud Provider: The Pros and Cons of GKE | |
| Maven Central and the tragedy of the commons | |
| Google's Naptime Framework to Boost Vulnerability Research with AI | |
| New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document | |
| Happy 1st Birthday to Our KnowBe4 Community! | |
| Optimizing SCA Use in CI Pipelines for Advanced DevSecOps | |
| Microsoft and KnowBe4 Collaborate on Ribbon Phish Alert Button for Outlook | |
| ESET Research Podcast: APT Activity Report Q4 2023 Q1 2024 | |
| How Arid Viper spies on Android users in the Middle East Week in security with Tony Anscombe | |
| Contrast Security | PwC Luxembourg Award | Runtime Security | |
| Phishing Campaign Targets Job Seekers With WARMCOOKIE Backdoor | |
| USENIX Security 23 – Precise and Generalized Robustness Certification for Neural Networks | |
| Why malware matters most: 6 ways to foil software threats faster | |
| Phone Scammers Impersonating CISA Employees | |
| ‘cors-parser’ npm package hides cross-platform backdoor in PNG files | |
| Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater | |
| Multiple vulnerabilities in UNIVERSAL PASSPORT RX | |
| Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks | |
| #RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges | |
| HYPR and Microsoft Partner on Entra ID External Authentication Methods | |
| Citrix NetScaler ADC & Gateway Flaw Lets Attackers Obtain Sensitive Data Remotely | |
| Best SIEM Tools List For SOC Team – 2024 | |
| How space exploration benefits life on Earth: Q&A with David Eicher | |
| How New College Graduates Can Avoid Increasingly Personalized Job Scams | |
| Earnings Release FY24 Q3 (Microsoft) | |
| US Imposes Visa Restrictions on Alleged Spyware Figures | |
| Kudos! CEO Reveals He Got Phished | |
| Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns | |
| D-Link RCE Vulnerability That Affects 92,000 Devices Exploited in Wild | |
| Secrets Management in the Age of AI Cybercrime: Safeguarding Enterprises from Emerging Threats | |
| Multiple Cisco Small Business Routers Vulnerable to XSS Attacks | |
| Magento flaw exploited to deploy persistent backdoor hidden in XML | |
| Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Passwords | |
| Cyberattack disrupted services at Omni Hotels & Resorts | |
| New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks | |
| Space is essential for infrastructure. Why isn’t it considered critical? | |
| Chinese Hackers Target ASEAN Entities in Espionage Campaign | |
| It s Official: Cyber Insurance is No Longer Seen as a 'Safety Net' | |
| US Targets Crypto Firms Aiding Russia Sanctions Evasion | |
| 0ch BBS Script (0ch) vulnerable to cross-site scripting | |
| Multiple vulnerabilities in home gateway HGW BL1500HM | |
| March Product Update | |
| 7 ways to put your code on a diet and improve AppSec in the process | |
| Phishing Tops 2023 s Most Common Cyber Attack Initial Access Method | |
| NCSC Publishes Security Guidance for Cloud-Hosted SCADA | |
| FCC Agrees to Cyber Trust Mark for IoT Products | |
| Three New Critical Vulnerabilities Uncovered in Argo | |
| Dark Web Market Admin Gets 42 Months Prison for Selling Login Passwords | |
| How to share sensitive files securely online | |
| New Report Suggests Surge in SaaS Assets, Employee Data Sharing | |
| Threat Intelligence for Financial Services | |
| French Government Hit with Severe DDoS Attack | |
| SBOMs and medical devices: An essential step but no security cureall | |
| Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks | |
| Hackers use Zoom & Google Meet Lures to Attack Android & Windows users | |
| American Express Warns Credit Card Data Exposed in Third-Party Breach | |
| Predator spyware endures even after widespread exposure, analysis shows | |
| HYAS Product Enhancements – Part 1 – February 2024 | |
| Over 40% of Firms Struggle With Cybersecurity Talent Shortage | |
| Fairwinds Insights Release Notes 15.0-15.2: Aggregated Action Items | |
| BounceBack - Stealth Redirector For Your Red Team Operation Security | |
| New Outlook 0-day RCE Flaw Exploited in the Wild | |
| How to Analyze the MITRE Engenuity ATT&CK Evaluations: Enterprise | |
| Alert! 333% Surge in Hunter-Killer Malware that Bypasses Network Security Controls | |
| How to Fight Long-Game Social Engineering Attacks | |
| Vulnerability Summary for the Week of January 29, 2024 | |
| Applying Threat Intelligence to the Diamond Model of Intrusion Analysis | |
| Apple open sources Pkl, a configuration-as-code language with rich validation and tooling, with Swift, Go, Java, and Kotlin integration (Pkl Blog) | |
| Cybersecurity Insights with Contrast CISO David Lindner | 2 2 24 | |
| U.S. officials warn of dire Chinese cyber threats in wake of FBI operation to disrupt botnet | |
| US Senators Propose Cybersecurity Agriculture Bill | |
| ESET takes part in global operation to disrupt the Grandoreiro banking trojan | |
| BOFHound: Session Integration | |
| Identify Weak User Passwords With KnowBe4 s Enhanced Weak Password Test | |
| US Senator Exposes NSA Purchase of Americans Internet Records | |
| Bravo Channel Host Scammed Out of a Sizable Amount of Money by Fraudsters Posing as the Bank | |
| Parrot TDS Injecting Malicious Redirect Scripts on Hacked Sites | |
| ' - UAC-0050 RemoteUtilities (CERT-UA#8654) | |
| Facebook Work-From-Home Job Posting Scam Goes the Extra Mile to Trick Victims | |
| Drupal Releases Security Advisory for Drupal Core | |
| Senators Demand Probe into SEC Hack After Bitcoin Price Spike | |
| Cybersecurity Insights with Contrast CISO David Lindner | 1 12 24 | |
| The evolution of AppSec: 4 key changes required for a new era | |
| FTC Issues Warning About the Dangers of QR Code-Based Scams | |
| HealthEC Data Breach Impacts 4.5 Million Patients | |
| CyberheistNews Vol 14 #01 [Heads Up] SMTP Smuggling - How It Easily Circumvents Your Email Defenses | |
| 2024 predictions: AI will help make Web3 usable in mainstream applications and Web3 will help us trust AI, Web3 regulatory clarity, flat VC investing, | |
| Russia Spies on Kyiv Defenses via Hacked Cameras Before Missile Strikes | |
| USENIX Security 23 – Sophie Stephenson, Majed Almansoori, Pardis Emami-Naeini, Danny Yuxing Huang, Rahul Chatterjee Abuse Vectors: A Framewor | |
| St Vincent s Health Australia says data stolen in cyberattack | |
| Cancer Center Patients Become Attempted Victims of Data Extortion | |
| Robinhood received $1.1B in account transfers since it began offering a 1% match on transferred brokerage accounts on October 23, with 150+ transfers | |
| Cyber Risk Quantification Framework: A Beginner’s Guide | |
| Phishing Remains the Most Common Attack Technique, With Malicious URL Use Increasing 144% | |
| Silent but deadly: The rise of zero-click attacks | |
| WSJ: "A Hidden Risk in the Municipal Bond Market: Hackers" | |
| ALPHV BlackCat Site Downed After Suspected Police Action | |
| Police Arrest Hundreds of Human Traffickers Linked to Cyber Fraud | |
| Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series | |
| The Top 5 trends every DevOps leader needs to know for 2024 | |
| 78% of CISOs Concerned About AppSec Manageability | |
| IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities | |
| Very precisely lost GPS jamming | |
| CISA Releases First Secure by Design Alert | |
| Mastering NIST Penetration Testing: Your Essential Guide to Robust Cybersecurity | |
| Threat actors started exploiting critical ownCloud flaw CVE-2023-49103 | |
| The hack of MSP provider CTS potentially impacted hundreds of UK law firms | |
| Adobe Releases Security Updates for ColdFusion | |
| Personal data stolen in British Library cyber-attack appears for sale online | |
| CISA, FBI, MS-ISAC, and ASD s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed | |
| DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown | |
| MAR-10478915-1.v1 Citrix Bleed | |
| Critical AI Tool Vulnerabilities Let Attackers Execute Arbitrary Code | |
| BlackCat Ransomware's New SEC Reporting Tactic: Turn Regulations Against Victims | |
| Cyber-Criminals Exploit Gaza Crisis With Fake Charity | |
| Hackers Selling Exploits for Critical Vulnerabilities on the Dark Web | |
| Authorities Took Down Massive Phishing-as-a-service Provider BulletProftLink | |
| NordVPN Review 2023: Comprehensive Security for Your Business | |
| Getting Started with Terraform and AKS: a Step-by-Step Guide to Deploying Your First Cluster | |
| CVE-2023-47004 | |
| CVE-2023-3909 | |
| Hackers Actively Exploiting Linux Privilege Escalation Flaw to Attack Cloud Environments | |
| CVE-2023-5825 | |
| CVE-2023-33924 | |
| CVE-2023-4625 | |
| CVE-2023-21378 (android) | |
| CVE-2023-21347 (android) | |
| CVE-2023-25960 | |
| CVE-2023-43982 | |
| CVE-2023-43665 | |
| CVE-2023-41259 | |
| CVE-2023-46176 | |
| CVE-2017-7252 | |
| CVE-2023-39042 | |
| CVE-2023-39048 | |
| Block reports Q3 revenue up 24% YoY to $5.62B, vs. $5.4B est., profit up 21% YoY to $1.9B, Square profit up 15% YoY, and Cash App profit up 27% YoY; S | |
| CVE-2023-45341 | |
| AI Safety Summit: OWASP Urges Governments to Agree on AI Security Standards | |
| CVE-2023-45016 | |
| CVE-2023-5859 | |
| CVE-2023-42648 | |
| CVE-2022-48458 | |
| British Library suffers major outage due to cyberattack | |
| President Biden’s Proclamation: National Native American Heritage Month, 2023 | |
| CVE-2023-5893 | |
| CVE-2023-2622 | |
| CVE-2023-5306 | |
| Health care automation startup Olive, which was valued at $4B in July 2021, plans to shut down and has sold parts of its business to Waystar and Humat | |
| Regulator Reveals Large Disparity in APP Fraud Reimbursement | |
| AAAI Fall Symposium: Patr cia Alves-Oliveira on human-robot interaction design | |
| CVE-2023-43792 | |
| CVE-2023-41891 | |
| CVE-2023-21397 | |
| CVE-2023-21387 | |
| CVE-2023-40136 (android) | |
| CVE-2023-21352 | |
| CVE-2023-5666 | |
| CVE-2022-4575 | |
| CVE-2023-42431 | |
| The Outstanding ROI of KnowBe4's Trusted Security Awareness Training | |
| CVE-2023-46467 | |
| CVE-2023-26574 (idweb) | |
| Cybersecurity Awareness Month: How Contrast & the threat landscape have evolved | |
| DEF CON 31 Policy Panel: Navigating the Digital Frontier Advancing Cyber Diplomacy | |
| France agency ANSSI warns of Russia-linked APT28 attacks on French entities | |
| CVE-2023-46523 (tl-wr886n_firmware) | |
| CVE-2023-43737 | |
| CVE-2023-5783 | |
| CVE-2023-46234 | |
| CVE-2023-5780 | |
| CVE-2023-46094 | |
| CVE-2023-46088 | |
| CVE-2023-46077 | |
| CVE-2023-46074 | |
| CVE-2023-38848 | |
| CVE-2023-46520 | |
| CVE-2023-45767 | |
| CVE-2023-45756 | |
| CVE-2023-37909 | |
| CVE-2023-26572 | |
| Cisco warns of a second IOS XE zero-day used to infect devices worldwide | |
| CVE-2023-43065 | |
| CVE-2023-28796 | |
| A Brief History of Phishing, and Other Forms of Social Engineering | |
| Insider Risk Digest: Week 41-42 | |
| CVE-2023-5702 | |
| North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network | |
| CVE-2023-5684 | |
| CVE-2023-45681 | |
| CVE-2023-45677 | |
| CVE-2023-45661 | |
| CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities | |
| CVE-2023-44693 (dar-7000_firmware) | |
| CVE-2023-21413 (axis_os) | |
| CVE-2023-23373 | |
| CVE-2023-5414 | |
| CVE-2023-4598 | |
| CVE-2023-4274 | |
| CVE-2023-3996 | |
| CVE-2023-46087 (who_hit_the_page_hit_counter) | |
| CVE-2023-45643 (cpt_shortcode_generator) | |
| CVE-2023-45574 (di-7003g_firmware, di-7100g+_firmware, di-7100g_firmware, di-7200g+_firmware, di-7200g_firmware, di-7300g+_firmware, di-7400g+_firmwar | |
| CVE-2023-45642 (snap_pixel) | |
| CVE-2023-41715 (sonicos) | |
| CVE-2023-41712 (sonicos) | |
| CVE-2023-44986 (abandoned_cart_lite_for_woocommerce) | |
| Hackers Using Secure USB Drives to Attack Government Entities | |
| CVE-2023-44229 (tiny_carosel_horizontal_slider) | |
| CVE-2023-3392 (read_more_&_accordion) | |
| CVE-2022-22386 (security_verify_privilege_on-premises) | |
| CVE-2023-45905 (dreamer_cms) | |
| CVE-2023-45902 (dreamer_cms) | |
| CVE-2023-39276 | |
| CVE-2023-22093 | |
| CVE-2023-22069 | |
| CVE-2023-5240 (devolutions_server) | |
| CVE-2023-45108 (mailrelay) | |
| CVE-2023-42628 | |
| CVE-2023-45375 | |
| CVE-2023-38720 | |
| CVE-2023-4990 (mcl-net_firmware) | |
| CVE-2023-40180 | |
| CVE-2023-38000 (gutenberg, wordpress) | |
| CVE-2023-44101 (harmonyos) | |
| CVE-2023-45641 | |
| CVE-2023-45576 | |
| CVE-2023-38251 (commerce, magento) | |
| CVE-2023-5492 (smart_s45f_firmware) | |
| CVE-2023-36581 (windows_10, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_server_2008, | |
| CVE-2023-5240 | |
| CVE-2023-45465 | |
| CVE-2023-45130 | |
| CVE-2023-39999 | |
| CVE-2023-38171 (.net, visual_studio_2022, windows_11_22h2, windows_server_2022) | |
| CVE-2023-43149 | |
| CVE-2023-41850 (outbound_link_manager) | |
| CVE-2023-25774 | |
| CVE-2023-45058 | |
| Harvested Credentials Are Put Up for Sale Monthly on the Dark Web at a Rate of 10,000 a Month | |
| CVE-2023-44261 (block_plugin_update) | |
| CVE-2023-41876 (wp_gallery_metabox) | |
| CVE-2023-41730 (sendpress) | |
| CVE-2023-35645 | |
| CVE-2023-44860 (n3m_firmware) | |
| CVE-2023-40646 (android) | |
| CVE-2023-40639 (android) | |
| CVE-2023-34987 (fortiwlm) | |
| CVE-2023-44097 | |
| CVE-2023-44807 (dir-820l_firmware) | |
| CVE-2023-41768 | |
| CVE-2023-36722 | |
| CVE-2023-44061 (simple_and_nice_shopping_cart_script) | |
| CVE-2020-27213 | |
| Flagstar Bank MOVEit Breach Affects 800K Customer Records | |
| CVE-2023-45355 | |
| CVE-2023-40639 | |
| CVE-2023-44765 (concrete_cms) | |
| The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team | |
| Qakbot Gang Still Active Despite FBI Takedown | |
| CVE-2023-44212 | |
| CVE-2023-44828 | |
| CVE-2023-2544 (peix) | |
| NYC-based Headway, which connects patients with therapists who offer care covered by insurance, raised a $125M Series C led by Spark Capital at a $1B | |
| CVE-2023-4099 (qsige) | |
| CVE-2023-24853 (ar8035_firmware, fastconnect_6200_firmware, fastconnect_6700_firmware, fastconnect_6800_firmware, fastconnect_6900_firmware, fastconne | |
| CVE-2022-47892 (netman_204_firmware) | |
| Mastering SECaaS: Your Ultimate Implementation Guidance for 2023 | |
| CVE-2022-43906 | |
| Top 3 Tips Learned from Getting Fairwinds Insights into AWS Marketplace | |
| CVE-2023-4496 | |
| CVE-2023-3153 | |
| CVE-2023-5375 | |
| CVE-2023-41736 (email_posts_to_subscribers) | |
| CVE-2023-3196 | |
| CVE-2023-37990 | |
| CVE-2023-3440 | |
| CVE-2023-43268 | |
| CVE-2023-41687 (goods_catalog) | |
| CVE-2023-44123 (android) | |
| CVE-2023-5283 (engineers_online_portal) | |
| CVE-2023-44266 | |
| CVE-2023-44244 | |
| CVE-2023-5323 | |
| A Compilation of Personally Identifiable Email Address Accounts from Verified.cm Forum Team Members An OSINT Analysis | |
| Going Live on Twitter Spaces Today! | |
| CVE-2023-43708 | |
| CVE-2023-5284 | |
| CVE-2023-42453 (synapse) | |
| CVE-2023-3024 | |
| CVE-2023-43909 | |
| Pharma Industry Seeing Reduction in Data Breach Costs, But Still Have Much to Do | |
| CVE-2023-43664 | |
| CVE-2023-41232 (ipados, iphone_os, macos) | |
| CVE-2023-39195 | |
| CVE-2023-40307 | |
| What we know about BlackCat and the MGM hack | |
| CVE-2023-43614 (welcart_e-commerce) | |
| CVE-2023-44018 (ac10u_firmware) | |
| CVE-2023-37448 (macos) | |
| CVE-2023-2315 (opencart) | |
| CVE-2023-4506 | |
| CVE-2023-44156 | |
| CVE-2023-44129 | |
| CVE-2023-42460 | |
| CVE-2023-41986 | |
| CVE-2023-41305 | |
| CVE-2023-40419 | |
| CVE-2023-38907 (tapo, tapo_l530e_firmware) | |
| CVE-2023-43338 (mjs) | |
| CVE-2023-42456 (sudo) | |
| CVE-2023-42753 (enterprise_linux, linux_kernel) | |
| CISA Publishes Hardware Bill of Materials Framework | |
| CVE-2023-4259 | |
| CVE-2023-5002 (pgadmin) | |
| CVE-2023-41293 | |
| CVE-2023-41294 | |
| CVE-2015-6964 | |
| CVE-2023-41874 | |
| CVE-2023-42464 (debian_linux, netatalk) | |
| CVE-2023-0829 (plesk) | |
| CVE-2023-43240 (dir-816_a2_firmware) | |
| CVE-2023-43135 (tl-er5120g_firmware) | |
| CVE-2023-43242 | |
| Hackers and scammers target classrooms with ransomware. What can you do? | |
| CVE-2023-43135 | |
| CVE-2023-42454 (sqlpage) | |
| CVE-2023-43502 | |
| CVE-2023-43494 | |
| CVE-2023-42660 | |
| CVE-2023-5063 (widget_responsive_for_youtube) | |
| CVE-2023-43200 | |
| CVE-2023-3025 (dropbox_folder_share) | |
| CVE-2023-36319 | |
| CVE-2023-31009 | |
| CVE-2023-25525 | |
| CVE-2023-40934 | |
| CVE-2023-39039 (camp_style_project_line) | |
| #mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined | |
| CVE-2023-37281 (contiki-ng) | |
| CVE-2023-42454 | |
| CVE-2023-4806 | |
| CVE-2023-4918 (keycloak) | |
| CVE-2023-38507 | |
| Cybersecurity Insights with Contrast CISO David Lindner | 9 15 | |
| CVE-2023-3935 (codemeter_runtime, oseon, programmingtube, teczonebend, tops_unfold, topscalculation, trumpflicenseexpert, trutops, trutops_cell_classi | |
| CVE-2023-29305 (connect) | |
| 91% of Cybersecurity Professionals Have Experienced Cyber Attacks that Use AI | |
| CVE-2023-36551 (fortisiem) | |
| The Details of Microsoft s September 2023 Patch Tuesday Release | |
| CVE-2019-8884 | |
| CVE-2018-4767 | |
| CVE-2018-4765 | |
| CVE-2018-4706 | |
| CVE-2018-4705 | |
| CVE-2018-4654 | |
| CVE-2018-4603 | |
| CVE-2018-4531 | |
| CVE-2018-4519 | |
| CVE-2018-4515 | |
| CVE-2018-4492 | |
| CVE-2017-13980 | |
| CVE-2017-13976 | |
| CVE-2017-13967 | |
| CVE-2017-13957 | |
| CVE-2017-13915 | |
| CVE-2017-13896 | |
| CVE-2015-20002 | |
| CVE-2013-5146 | |
| CVE-2011-3465 | |
| CVE-2010-4017 | |
| CVE-2010-3807 | |
| CVE-2023-40725 (qms_automotive) | |
| CVE-2023-38074 (jt2go, teamcenter_visualization) | |
| CVE-2023-38070 (jt2go, teamcenter_visualization) | |
| Read it right! How to spot scams on Reddit | |
| CVE-2023-35666 (android) | |
| CVE-2022-34224 (acrobat, acrobat_dc, acrobat_reader, acrobat_reader_dc) | |
| CVE-2019-7819 (acrobat_dc, acrobat_reader_dc) | |
| CVE-2023-4847 (simple_book_catalog_app) | |
| CVE-2023-4900 | |
| CVE-2023-38143 | |
| CVE-2023-36800 | |
| CVE-2023-40611 | |
| CVE-2023-41033 | |
| CVE-2023-38076 | |
| CVE-2021-40723 (acrobat, acrobat_dc, acrobat_reader, acrobat_reader_dc) | |
| Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months | |
| CVE-2023-40623 | |
| CVE-2023-4060 | |
| CVE-2021-36021 (magento) | |
| CVE-2020-19320 | |
| CVE-2021-44193 (after_effects) | |
| CVE-2023-4589 (secret_server) | |
| CVE-2023-4583 | |
| CVE-2023-4865 | |
| CVE-2023-4487 (cimplicity) | |
| CVE-2023-30712 (android) | |
| CVE-2023-4844 | |
| CVE-2023-40306 | |
| CVE-2023-33015 (315_5g_firmware, aqt1000_firmware, ar8035_firmware, ar9380_firmware, csr8811_firmware, csrb31024_firmware, fastconnect_6200_firmware, | |
| CVE-2023-30995 | |
| CVE-2023-4034 (smartrise_document_management_system) | |
| CVE-2023-21662 (aqt1000_firmware, ar8035_firmware, fsm10056_firmware, ipq5010_firmware, ipq5018_firmware, ipq5028_firmware, ipq9008_firmware, ipq9574_ | |
| CVE-2023-40015 (vyper) | |
| CVE-2023-41775 | |
| CVE-2023-38456 (android) | |
| CVE-2023-38448 (android) | |
| CVE-2023-40584 | |
| CVE-2023-41061 | |
| CVE-2023-20832 (android, openwrt, rdk-b, yocto) | |
| Cybercriminals target graphic designers with GPU miners | |
| CVE-2023-4754 (gpac) | |
| CVE-2023-32102 (library_viewer) | |
| CVE-2023-41601 | |
| CVE-2023-41053 | |
| CVE-2023-41330 | |
| CVE-2020-10132 | |
| CVE-2023-41943 | |
| Back to Basics: The Key Elements of a Strong Security Program | |
| CVE-2023-32432 | |
| CVE-2023-30720 | |
| CVE-2023-30717 | |
| CVE-2023-28195 | |
| CVE-2023-30534 | |
| CVE-2023-41635 (realgimm) | |
| CVE-2023-34317 | |
| CVE-2023-41908 | |
| New Attack Technique MalDoc in PDF Alarms Experts | |
| CVE-2023-39162 | |
| CVE-2023-38466 | |
| CVE-2023-38443 | |
| CVE-2023-38437 | |
| CVE-2023-4751 | |
| CVE-2023-38387 | |
| CVE-2023-4709 | |
| CVE-2022-3407 | |
| CVE-2023-39710 | |
| CVE-2023-33320 (wp-hijri) | |
| CVE-2023-34172 (wordpress_social_login) | |
| CVE-2023-4481 | |
| CVE-2023-39558 (audimexee) | |
| CVE-2023-32801 (composite_products) | |
| Infamous Chisel Malware Analysis Report | |
| Paramount Global disclosed a data breach | |
| CVE-2023-4315 | |
| CVE-2023-3636 | |
| CVE-2023-39139 | |
| CVE-2023-3992 | |
| CVE-2023-4013 | |
| CVE-2023-41561 | |
| CVE-2023-41556 | |
| CVE-2023-41552 | |
| CVE-2023-25019 | |
| CVE-2023-40706 (snap_pac_s1_firmware) | |
| CVE-2020-18912 | |
| CVE-2023-40892 (ac8v4_firmware) | |
| CVE-2023-40751 (fundraising_script) | |
| LockBit 3.0 Ransomware Variants Surge Post Builder Leak | |
| CVE-2023-4569 | |
| CVE-2023-34725 | |
| CVE-2023-39062 | |
| CVE-2023-40766 | |
| CVE-2023-40762 | |
| CVE-2023-4558 | |
| CVE-2022-41444 (cacti) | |
| CVE-2020-21723 (ogg_video_tools) | |
| ThousandEyes Pi4 Wireless Deployment at Black Hat USA | |
| CVE-2020-19188 (ncurses) | |
| CVE-2023-4451 (cockpit) | |
| CVE-2023-2318 (marktext) | |
| NIST Publishes Draft Post-Quantum Cryptography Standards | |
| CVE-2023-38288 | |
| CVE-2023-4409 (nbs&happysoftwechat) | |
| Data Breaches Involving Social Engineering Attacks Take Longer to Identify and Contain | |
| CVE-2023-4443 (free_hospital_management_system_for_small_practices) | |
| CVE-2023-4441 (free_hospital_management_system_for_small_practices) | |
| CVE-2023-37379 | |
| Social Engineering Is the Number One Cybersecurity Problem by Far | |
| CVE-2023-32496 | |
| CVE-2023-32499 | |
| Phishing Tops the List as the Most Costly Initial Attack Vector in Data Breaches | |
| CVE-2023-4430 | |
| CVE-2023-40144 | |
| CVE-2023-32108 (albo_pretorio_online) | |
| CVE-2023-37434 | |
| CVE-2023-37432 | |
| CVE-2023-37427 | |
| CVE-2022-36648 | |
| CVE-2022-28071 | |
| CVE-2021-32292 | |
| CVE-2020-22524 | |
| CVE-2020-21426 | |
| CVE-2020-19188 | |
| CVE-2020-18378 | |
| US tech firms offer data protections for Europeans to comply with EU big tech rules | |
| CVE-2023-4303 | |
| CVE-2023-25915 | |
| CVE-2023-3954 | |
| CVE-2023-40735 | |
| Spoofing an Apple device and tricking users into sharing sensitive data | |
| People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection | |
| Vulnerability Summary for the Week of July 10, 2023 | |
| Vulnerability Summary for the Week of July 31, 2023 | |
| CVE-2023-4432 | |
| CVE-2023-4434 | |
| CVE-2023-4394 | |
| CVE-2023-4352 | |
| CVE-2023-4350 | |
| CVE-2023-4335 | |
| CVE-2023-4330 | |
| CVE-2023-4328 | |
| CVE-2023-40348 (gogs) | |
| CVE-2023-40337 | |
| CVE-2023-4030 | |
| CVE-2023-4028 | |
| CVE-2023-40168 | |
| CVE-2023-39971 | |
| CVE-2023-39944 | |
| CVE-2023-39668 | |
| CVE-2023-39507 | |
| CVE-2023-39125 | |
| CVE-2023-36106 | |
| CVE-2023-34217 | |
| CVE-2023-32106 | |
| CVE-2023-28783 | |
| CVE-2023-2915 | |
| CVE-2023-20201 | |
| The Cloud Has Complicated Attack Surface Management | |
| Fortinet CVE-2023-27997: Impact and Mitigation Techniques | |
| #RoboCup2023 in tweets – part 2 | |
| Black Hat 2023: Understanding Mobile Exploitation Beyond the App | |
| Data leaks have given Irish republican groups upper hand against police, analysts warn | |
| Norfolk and Suffolk police admit breach involving personal data of 1,230 people | |
| Smuggler - An HTTP Request Smuggling Desync Testing Tool | |
| Phishing Spree Targets Zimbra Collaboration Account Holders | |
| Critical Flaws in PowerShell Gallery Enable Malicious Exploits | |
| Baldur’s Gate 3 Low FPS? Here’s 7 Ways to Fix and Improve it | |
| Ransomware's Paradox: Why Falling Monetization Rates Are Accompanied by Soaring Ransom Payments - A Must-Read Analysis. | |
| SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS) | |
| Security Alert: Microsoft Releases July 2023 Security Updates | |