Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

Malwarebytes Premium Security awarded “Product of the Year” from AVLab

Malwarebytes Premium Security has once again been awarded “Product of the Year” after successfully blocking 100% of “in-the-wild” malware samples.

Malwarebytes
Open in Source
#web#firefox
Navigating Crypto Without Sacrificing Your Privacy

Cryptocurrency offers financial freedom, but it also comes with privacy challenges. Unlike traditional banking, where transactions remain relatively…

Mozilla Tweaks Firefox Terms After Uproar Over Data Use Language

Firefox’s new Terms of Use spark user backlash over data rights. Learn how Mozilla responded to concerns about…

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states - You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It

GHSA-vf6x-59hh-332f: Formwork has a cross-site scripting (XSS) vulnerability in Site title

### Summary The site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users. ### Impact The attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability. ### Patches - [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation. ### Details By embedding "<!--", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute. ### PoC ![image](https://github.com/user-attachments/assets/8fc68f6f-8bc4-4b97-8b93-dee5b88a3fcf) 1. The page where the vulnerability was found, and the attack surface is the Title field. ![image](https://github.com/user-attachment...

Angry Likho APT Resurfaces with Lumma Stealer Attacks Against Russia

Angry Likho APT resurfaces, targeting Russian and Belarusian organizations with Lumma Stealer malware via phishing attacks, stealing credentials, banking data, and more.

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

Hackers Use Google Docs and Steam to Spread ACRStealer Infostealer

A new information-stealing malware, ACRStealer, is leveraging legitimate platforms like Google Docs and Steam to carry out its…

SecTopRAT bundled in Chrome installer distributed via Google Ads

Beware before downloading Google Chrome from a Google search, you might get more than you expected.

Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots

The New Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it…