American Associated Pharmacies allegedly breached by Embargo ransomware
Such an intrusion has not yet been confirmed by the AAP, whose website warned of the recent forced reset of all user passwords without further information but the organization was noted by Embargo to have already provided $1.3 million in exchange for the decryption of its systems.
Expanded cyberattacks launched by Hamas-linked hackers against Israel
After engaging in cyberespionage attacks that involved the distribution of RAR archive lures to deploy the IronWind downloader and Havoc post-exploitation framework, WIRTE proceeded to target numerous Israeli entities with the updated SameCoin Wiper malware in a phishing campaign impersonating an Israeli partner of cybersecurity firm ESET.
If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.
Microsoft Power Pages Leak Millions of Private Records
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
NA - CVE-2024-5083 - A stored Cross-site Scripting vulnerability has...
A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2 This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
NA - CVE-2024-5082 - A Remote Code Execution vulnerability has been...
A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
NA - CVE-2023-34049 - The Salt-SSH pre-flight option copies the...
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and...
NA - CVE-2024-10146 - The Simple File List WordPress plugin before...
The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could...
NA - CVE-2024-9186 - The Recover WooCommerce Cart Abandonment,...
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter...
