Microsoft Defender
Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate pr
SaaS platforms, cloud providers, developer tooling, and app-layer infrastructure are concentrated attack surfaces. One tech vendor breach can expose thousands of downstream customers. Below is every tech-sector breach LeakTrace has indexed.
Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate pr
Overview and Background This is the first of what will likely be several updates to this site’s exclusive reporting on the “BlueLeaks 2.0” incident that exposed anonymous and sensitive tips by and about
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability — Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local
Frontend cloud platform Vercel, the creator of Next.js and Turbo.js, has warned about a data breach after a compromised third-party AI application abused OAuth to access its internal systems. A Vercel employee used th
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScr
A cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passpo
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability — Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface o
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability — Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability
JetBrains TeamCity Relative Path Traversal Vulnerability — JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
PaperCut NG/MF Improper Authentication Vulnerability — PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the Securit
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability — Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to imperson
Kentico Xperience Path Traversal Vulnerability — Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]
An indirect prompt injection could be chained with a sandbox bypass and Cursor’s remote tunnel feature for shell access to machines. The post Cursor AI Vulnerability Exposed Developer Devices appeared first on SecurityWe
Apache ActiveMQ Improper Input Validation Vulnerability — Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
China-aligned hackers have deployed a Linux-based ELF backdoor to steal cloud credentials at scale from workloads across AWS, GCP, Azure, and Alibaba Cloud environments. According to Breakglass Intelligence findings,
Microsoft Office Remote Code Execution — Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially craft
Microsoft SharePoint Server Improper Input Validation Vulnerability — Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a networ
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability — Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution
The ShinyHunters cybercrime group has claimed responsibility for breaching systems linked to video game developer Rockstar Games, threatening to release stolen data if a ransom is not paid.
Adobe Acrobat Use-After-Free Vulnerability — Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. The post Booking.com Says Hackers Accessed User Information appeared first on SecurityW
Joe Tidy reports: Grand Theft Auto developer Rockstar Games has been targeted for a second time in three years by hackers. The data breach affecting the gaming giant was reported by cybersecurity news outlets on Saturday