Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native architectures, introducing new layers of complexity and risk. One often-overlooked but serious threat in these environments is the Cross-Service Confused Deputy Attack, which can…
CVE-2023-36409 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Metrics CVSS Version 4.0 CVSS Version 3.x CVSS…
ISC Stormcast For Thursday, July 24th, 2025 https://isc.sans.edu/podcastdetail/9540, (Thu, Jul 24th) Source link
As I mention every time I teach FOR577, I have been a big fan of file integrity monitoring tools (FIM) since Gene Kim first released Tripwire well over 30 years ago. I’ve used quite a few of them over the years including tripwire, OSSEC, samhain, and aide, just to name a few. For many years,…
A few days after the exploit originally became widely known, there are now many different SharePoint exploit attempts in circulation. We do see some scans by researchers to identify vulnerable systems (or to scan for common artifacts of compromise), and a few variations of the “ToolPane.aspx” URL being hit. Even for our “random” honeypots, the…
Tor Browser 14.5.5 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog The full changelog…
ISC Stormcast For Wednesday, July 23rd, 2025 https://isc.sans.edu/podcastdetail/9538, (Wed, Jul 23rd) Source link
# Exploit Title: LiveHelperChat 4.61 – Stored Cross Site Scripting (XSS) via the Chat Transfer Function # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5, Firefox …
# Exploit Title: LiveHelperChat <=4.61 – Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field # Date: 09/06/2025 # Exploit Author: Manojkumar J (TheWhiteEvil) # Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ # Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ # Software Link: https://github.com/LiveHelperChat/livehelperchat/ # Version: <=4.61 # Patched Version: 4.61 # Category: Web Application # Tested on: Mac OS Sequoia 15.5,…
# Exploit Title: Pie Register WordPress Plugin 3.7.1.4 – Authentication Bypass to RCE # Google Dork: inurl:/wp-content/plugins/pie-register/ # Date: 2025-07-09 # Exploit Author: Md Amanat Ullah (xSwads) # Vendor Homepage: https://wordpress.org/plugins/pie-register/ # Software Link: https://downloads.wordpress.org/plugin/pie-register.3.7.1.4.zip # Version: <= 3.7.1.4 # Tested on: Ubuntu 22.04 # CVE: CVE-2025-34077 #!/usr/bin/env python3 import requests import zipfile import…
