Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

20 Top-Level Domain Names Abused by Hackers in Phishing Attacks

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

HackRead
#web#android#mac#windows#google#microsoft#linux#git#pdf
GHSA-j226-63j7-qrqh: Laravel Translation Manager Vulnerable to Stored Cross-site Scripting

### Impact The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. ### Patches The issue is fixed in https://github.com/barryvdh/laravel-translation-manager/pull/475 which is released in version 0.6.8 ### Workarounds Only authenticated users with access to the translation manager are impacted. ### References [[PT-2025-04] laravel translation manager.pdf](https://github.com/user-attachments/files/20639250/PT-2025-04.laravel.translation.manager.pdf) ### Reported by Positive Technologies (Artem Deikov, Ilya Tsaturov, Daniil Satyaev, Roman Cheremnykh, Artem Danilov, Stanislav Gleym)

Unsecured Database Exposes Data of 3.6 Million Passion.io Creators

A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…

Europol Targets Over 2,000 Extremist Links Exploiting Minors Online

Europol targets extremist online content exploiting minors, tackling rising use of AI, propaganda, and grooming across Europe’s digital platforms.

US Sanctions Philippines’ Funnull Technology Over $200M Crypto Scam

The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering…

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.

Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.

ChatGPT o3 Resists Shutdown Despite Instructions, Study Claims

ChatGPT o3 resists shutdown despite explicit instructions, raising fresh concerns over AI safety, alignment, and reinforcement learning behaviors.

Zimbra CVE-2024-27443 XSS Flaw Hits 129K Servers, Sednit Suspected

A critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite’s CalendarInvite feature is actively being exploited, potentially by the…

ConnectWise ScreenConnect Tops List of Abused RATs in 2025 Attacks

Cofense Intelligence's May 2025 report exposes how cybercriminals are abusing legitimate Remote Access Tools (RATs) like ConnectWise and Splashtop to deliver malware and steal data. Learn about this growing threat.