For the latest discoveries in cyber research for the week of 28th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The US Energy Department, including its National Nuclear Security Administration (NNSA), was reportedly breached as part of a Microsoft SharePoint vulnerability exploit. The breach was linked to a broader espionage campaign, that…
ISC Stormcast For Monday, July 28th, 2025 https://isc.sans.edu/podcastdetail/9544, (Mon, Jul 28th) Source link
New features WebTunnel bridges You can now use WebTunnel bridges to connect to the Tor network from Tails. WebTunnel is a bridge technology that is particularly good at circumventing censorship and might work from places where obfs4 bridges are blocked. WebTunnel disguises your connection as ordinary web traffic. To get WebTunnel bridges, visit https://bridges.torproject.org/. Changes…
CVE-2023-4810 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which…
CVE-2023-5454 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users…
CVE-2023-5355 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing…
When you need to analyze some suspicious pieces of code, it’s interesting to detonate them in a sandbox. If you don’t have a complete sandbox environment available or you just want to avoid generatin noise on your network, why not route the traffic to a sinkhole or NULL-route (read: packets won’t be sent across the normal…
CVE-2023-5352 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit…
CVE-2023-5181 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which…
CVE-2023-5082 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before…
