[webapps] ChurchCRM v4.5.1 – Authenticated SQL Injection
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033.
That’s according to findings from Palo Alto Networks Unit 42, which discovered recent mali…
The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools.
Discovered by Bitdefende…
Type: Podcasts
Mind the Gap: Understanding Your Attack Surface & Extending Your Response
George Anderson, Senior Product Marketing Manager
George Anderson, Sr. Product Marketing Manager, discusses XDR and why open security platforms hold the key to the fu…
The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencen…
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features: Reading header…
The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks.
In light of this signifi…
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution.
The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impac…
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution.
The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9…
We take a look at urgent updates needed for users of PaperCut, after two exploits were found in the wild.
The post Update your PaperCut application servers now: Exploits in the wild appeared first on Malwarebytes Labs.