responsible disclosure

From Security Week – Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability

[[{"value":"Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Details Emerge on CVE Controversy Around Exploited…

shaikh Saqib April 3, 2025

News

From The Hacker News – New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent

shaikh Saqib March 18, 2025

News

From Cyber Security News – Hackers Exploited XSS Vulnerability in Popular Framework to Hijack 350+ Websites

A cross-site scripting (XSS) vulnerability within the Krpano framework, a popular tool for embedding 360° images and creating virtual tours, has been exploited to inject malicious scripts into over 350…

shaikh Saqib February 27, 2025

News

From The Hacker News – Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

shaikh Saqib February 26, 2025

News

From Cyber Security News – Exim Mail Transfer Vulnerability Let Attackers Inject Malicious SQL Queries

Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated…

shaikh Saqib February 24, 2025

News

From Security Week – Meta Paid Out Over $2.3 Million in Bug Bounties in 2024

[[{"value":"Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024. The post Meta Paid Out Over $2.3 Million in Bug Bounties…

shaikh Saqib February 14, 2025

News

From Cyber Security News – Unpatched Marvel Game RCE Exploit Could Let Hackers Take Over PCs & PS5s

A critical security vulnerability has been discovered in the popular online game Marvel Rivals, raising alarms about the potential for hackers to exploit unsuspecting players. The exploit, identified as a…

shaikh Saqib February 10, 2025