Apache ActiveMQ
Apache ActiveMQ Improper Input Validation Vulnerability — Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
Technology & Software Data Breaches (1270 indexed)
Microsoft SharePoint Server
Microsoft SharePoint Server Improper Input Validation Vulnerability — Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a networ
China-linked cloud credential heist runs
China-aligned hackers have deployed a Linux-based ELF backdoor to steal cloud credentials at scale from workloads across AWS, GCP, Azure, and Alibaba Cloud environments. According to Breakglass Intelligence findings,
Microsoft Office
Microsoft Office Remote Code Execution — Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially craft
Hackers claim breach of Rockstar
The ShinyHunters cybercrime group has claimed responsibility for breaching systems linked to video game developer Rockstar Games, threatening to release stolen data if a ransom is not paid.
Microsoft Windows
Microsoft Windows Out-of-Bounds Read Vulnerability — Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation
Booking.com Says Hackers Accessed User
The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. The post Booking.com Says Hackers Accessed User Information appeared first on SecurityW
Microsoft Visual Basic for Applications (VBA)
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability — Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution
GTA-maker Rockstar Games
Joe Tidy reports: Grand Theft Auto developer Rockstar Games has been targeted for a second time in three years by hackers. The data breach affecting the gaming giant was reported by cybersecurity news outlets on Saturday
OpenAI Revokes macOS App Certificate
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an a
Adobe Acrobat and Reader
Adobe Acrobat and Reader Prototype Pollution Vulnerability — Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
Fortinet FortiClient EMS
Fortinet SQL Injection Vulnerability — Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP req
Adobe Acrobat
Adobe Acrobat Use-After-Free Vulnerability — Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Microsoft Exchange Server
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability — Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
Microsoft Windows
Microsoft Windows Link Following Vulnerability — Microsoft Windows contains a link following vulnerability that allows for privilege escalation
Ransomware attack on ChipSoft knocks
Dutch healthcare IT firm ChipSoft suffered a ransomware attack, forcing services and its HiX platform offline, impacting hospitals and patients. ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware at
CPUID
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]
Healthcare IT solutions provider ChipSoft
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...]
My Lovely AI
106,271 records exposed — Email addresses, Social media profiles
Ivanti Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code executi
Exposed ComfyUI Instances Targeted in
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python s
Fortinet FortiClient EMS
Fortinet FortiClient EMS Improper Access Control Vulnerability — Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or comma
SongTrivia2
291,739 records exposed — Auth tokens, Avatars, Email addresses, Names and 2 more
TrueConf Client
TrueConf Client Download of Code Without Integrity Check Vulnerability — TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path ca