• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 

Google confirms Salesforce CRM breach, faces extortion threat

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me

Cross-Site Scripting

Pierluigi Paganini November 08, 2018
XSS flaw in Evernote allows attackers to execute commands and steal files

Security expert discovered a stored XSS flaw in the Evernote app for Windows that could be exploited to steal files and execute arbitrary commands. A security expert that goes online with the moniker @sebao has discovered a stored cross-site scripting (XSS) vulnerability in the Evernote application for Windows that could be exploited by an attacker to steal files and execute […]

Pierluigi Paganini September 22, 2016
BT Wi-Fi extender, extends to XSS and password changing vulnerabilities

Following an investigation by Pen Test Partners, British Telecom (BT) has released a firmware upgrade for their popular range of Wi-Fi extenders. The investigation uncovered vulnerabilities within the firmware when left the device exposed to possible XSS (Cross Site Scripting) Exploits as well as the ability to change the user’s password without notification. By combining […]

Pierluigi Paganini July 08, 2016
Flaws in BMW ConnectedDrive Infotainment System allow remote hack

A research discovered two zero-day vulnerabilities residing in the official BMW web domain and ConnectedDrive portal that allow remote hack. Once again IoT devices are affected by a serious flaw that could be exploited by hackers to compromise them, this time we speak of Car Hacking. Almost any modern connected vehicle uses a drive-by-wire system that […]

Pierluigi Paganini July 22, 2015
Joomla Helpdesk Pro flaws leave systems vulnerable to several attacks

The Outpost24 team has identified several vulnerabilities that affect Joomla HelpDesk Pro extension, the flaws can lead to remote code execution on servers. Kasper Bertelsen, a security researcher at Outpost24 has discovered a number of vulnerabilities in the Joomla Helpdesk Pro extension which can lead to remote code execution on servers. The Helpdesk Pro Joomla extension is developed […]

Pierluigi Paganini February 13, 2015
How to remotely install malicious apps on Android devices

Security researchers discovered how to install and launch malicious applications remotely on Android devices exploiting two flaws. Security researchers have uncovered a couple of vulnerabilities in the Google Play Store that could allow cyber criminals to install and launch malicious apps remotely on Android mobile devices. The expert Tod Beardsley, technical lead for the Metasploit […]

Pierluigi Paganini February 11, 2015
Exploiting Vulnerabilities in WordPress plugins, a cybercrime trend

A serious vulnerability in the FancyBox WordPress plugin makes it easy for a hacker to compromise any website based on the popular CMS. Last week SecurityWeek reported about another a zero-day flaw found in a WordPress plugin. This time, a new vulnerability found in the popular FancyBox for WordPress plugin could be exploited to inject […]

Pierluigi Paganini February 04, 2015
Severe XSS flaw affects fully patched Internet Explorer

Security experts discovered a new severe XSS flaw affects fully patched Internet Explorer and exposes users to risks of attacks and identity theft. A new critical cross-site scripting (XSS) vulnerability affects fully patched versions of Internet Explorer, the flaw could be exploited by hackers to steal user sensitive data (i.e. login credentials) and inject malicious […]

Pierluigi Paganini January 23, 2015
Google account hijacking via exploitation of XSS flaw

Security Expert Brett Buerhaus has discovered a critical flaw  on admin.google.com, which could be exploited by to Hijack an account and disable 2FA Authentication. Even the giants have their Achilles heel, the Google Apps administrator console is affected by a critical cross-site scripting (XSS) vulnerability that could be exploited by attackers to force a Google Apps admins […]

Pierluigi Paganini December 19, 2014
Several critical security vulnerabilities affect the Glassdoor website

The security expert  Mohamed M.Fouad discovered several critical security vulnerabilities at Glassdoor, which can lead to very harmful impact on all users. The Independent Security Researcher Mohamed M.Fouad has discovered  a lot of critical security vulnerabilities at Glassdoor that could lead to very harmful impact on all users.  Mohamed M.Fouad an Independent Security Researcher from Egypt. I […]

Pierluigi Paganini September 18, 2014
Adobe issued critical security updates for Acrobat and Reader PDF

Adobe with a week of delay on the roadmap has released security updates to fix critical vulnerabilities in Acrobat and Reader PDF. Adobe has finally released critical security updates for its products Reader and Acrobat PDF software. The vulnerabilities fixed with these updates have been targeted by hackers in numerous cyber attacks worldwide. The security updates […]

  • 1
  • 2

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

    APT / August 16, 2025

    New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

    Malware / August 15, 2025

    Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

    Security / August 15, 2025

    'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

    Malware / August 15, 2025

    Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

    Hacking / August 15, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT