Koha Library Systems at High Risk, Patch Immediately
Summary: A critical SQL Injection vulnerability (CVE-2025-22954) has been discovered in Koha, a popular open-source library management system, affecting multiple versions. This flaw allows both unauthenticated and authenticated users to inject arbitrary SQL instructions, posing a severe risk to sensitive data. Koha version 24.11.02 has been released to address this issue, along with additional security enhancements.…
SAP Patches High-Severity XSS and Authorization Flaws in Latest Security Updates
Summary: SAP has issued a round of security updates addressing 21 new vulnerabilities, including high-severity issues such as XSS in SAP Commerce and a missing authorization check in SAP NetWeaver. Notably, vulnerabilities could allow unauthorized access and potentially lead to remote code execution. Customers are urged to apply the updates to secure their systems promptly.…
Social Engineering: The Art of Psychological Exploitation Part-2
This article explores various effective phishing techniques deployed by cybercriminals to deceive users into divulging sensitive information. Techniques discussed include homograph attacks, address bar spoofing, and others that exploit user trust and browser features. Affected: users, online platforms, digital security

Keypoints:

Website phishing is a common social engineering attack.…
Stored xss using PDF a bug?
This article discusses the discovery of stored XSS vulnerabilities through the upload of malicious PDFs on various company platforms, leading to Hall of Fame (HOF) recognitions for the author. The vulnerabilities allow for potential exploitation, particularly the execution of JavaScript in PDF documents. The author highlights the risk associated with improper handling of uploaded files and emphasizes the importance of using sandbox environments.…
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
Summary: A malicious campaign targeting various sectors in Japan has been attributed to unknown threat actors exploiting the CVE-2024-4577 vulnerability in PHP. The attackers utilize Cobalt Strike plugins for post-exploitation, establishing persistent access and conducting reconnaissance to steal credentials and sensitive data. Their operations utilizing tools hosted on Alibaba cloud servers suggest that their motives may extend beyond credential harvesting, indicating potential future threats.…
Unmasking the new persistent attacks on Japan
Cisco Talos discovered a malicious campaign attributed to an unknown attacker targeting organizations in Japan since January 2025, primarily exploiting the CVE-2024-4577 vulnerability to gain initial access and deploy advanced adversarial tools via Cobalt Strike. The attacker’s activities entail credential theft, system compromise, and potential lateral movement which could impact various industries.…
Unveiling EncryptHub: Analysis of a Multi-Stage Malware Campaign
EncryptHub, a notable cybercriminal organization, has gained increasing attention from threat intelligence teams due to its operational security missteps. These lapses have allowed analysts to gain insights into their tactics and infrastructure. The report details EncryptHub’s multi-stage attack chains, trojanized application distribution strategies, and their evolving killchain, making them a significant threat in the cyber landscape.…
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
Summary: EncryptHub, a financially motivated threat actor, is executing advanced phishing campaigns focused on deploying information stealers and ransomware while developing a new tool named EncryptRAT. The group utilizes a variety of distribution methods, including third-party PPI services, to enhance their attack efficacy. Organizations are urged to adopt multi-layered security strategies to combat these evolving threats.…
Bug Bounty Hunting: Web Vulnerability (Cross-Site Request Forgery)
Cross-Site Request Forgery (CSRF) attacks manipulate authenticated users into executing unwanted actions without their consent, risking account security and sensitive information. Exploits rely on techniques like clickjacking and forged requests to bypass protections such as CSRF tokens, making effective prevention essential. Affected: websites, online services, users

Keypoints:

CSRF is a client-side attack exploiting authenticated sessions.…
Threat Context Monthly: Executive Intelligence Briefing for February 2025 – Black Basta, & M_A_G_A
This article highlights the recent activities of the Black Basta ransomware group, focusing on their internal operations and significant data leaks. Furthermore, it discusses another threat actor, M_A_G_A, who is engaged in distributing malware. The insights provided shed light on the evolving tactics and techniques employed by these cybercriminals.…
Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw
Summary: A significant spam campaign has exploited a vulnerability in Krpano, a widely used virtual tour software, leading to malicious redirects affecting numerous major organizations worldwide. The reflected XSS vulnerability allowed attackers to embed ads or redirect users to inappropriate sites. Despite a previous patch issued in 2020, the issue lingered, prompting renewed notifications and fixes from Krpano developers after the exploitation was reported.…
Cisco Patches Vulnerabilities in Nexus Switches
Summary: Cisco has patched multiple vulnerabilities in its Nexus switches, including high-severity command injection and denial-of-service (DoS) issues affecting the Nexus 3000 and 9000 series. The updates address significant risks where authenticated attackers could exploit the vulnerabilities to execute commands or cause device reboots. No known exploits have been reported yet, but these vulnerabilities may pose risks given Cisco’s history of being targeted by threat actors.…
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
Summary: A cross-site scripting (XSS) vulnerability in the Krpano virtual tour framework has been exploited in a large-scale campaign, affecting over 350 websites and allowing malicious actors to manipulate search results and serve spam ads. Security researcher Oleg Zaytsev reported that this operation utilizes trusted domains to distribute ads for pornography, diet supplements, and fake news.…
How This 999 Dollar XSS Bug Bounty Was Found in Just 17 Minutes
Cross-site scripting (XSS) vulnerabilities, particularly stored XSS, pose significant security threats in web applications, allowing attackers to hijack user sessions and steal sensitive information. By exploiting hidden input fields and using clever payloads, vulnerabilities can often be found in overlooked areas. This article illustrates a successful hunt for such a vulnerability and the critical lessons learned.…
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
Summary: CISA has added two significant vulnerabilities affecting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. One is a privilege escalation flaw in Microsoft Partner Center, and the other is a cross-site scripting vulnerability in ZCS.…