#cross-site-scripting-xss

[ follow ]
BleepingComputer
6 months ago
Privacy professionals

Hackers steal data of 2 million in SQL injection, XSS attacks

A threat group named 'ResumeLooters' has stolen personal data from two million job seekers.
The group used SQL injection and cross-site scripting (XSS) attacks to compromise legitimate job listing and retail sites. [ more ]
#zero-day vulnerability
SecurityWeek
9 months ago
Privacy professionals

Zimbra Zero-Day Exploited to Hack Government Emails

A Zimbra Collaboration Suite zero-day vulnerability was exploited to steal email data from government organizations in multiple countries.
The exploit, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) bug that requires the user to click on a malicious link.
Google's Threat Analysis Group observed multiple campaigns exploiting the zero-day and linked the attacks to a Russian APT known as Winter Vivern. [ more ]
SecurityWeek
9 months ago
Privacy professionals

Zimbra Zero-Day Exploited to Hack Government Emails

A Zimbra Collaboration Suite zero-day vulnerability was exploited to steal email data from government organizations in multiple countries.
The exploit, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) bug that requires the user to click on a malicious link.
Google's Threat Analysis Group observed multiple campaigns exploiting the zero-day and linked the attacks to a Russian APT known as Winter Vivern. [ more ]
SecurityWeek
9 months ago
Privacy professionals

Zimbra Zero-Day Exploited to Hack Government Emails

A Zimbra Collaboration Suite zero-day vulnerability was exploited to steal email data from government organizations in multiple countries.
The exploit, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) bug that requires the user to click on a malicious link.
Google's Threat Analysis Group observed multiple campaigns exploiting the zero-day and linked the attacks to a Russian APT known as Winter Vivern. [ more ]
SecurityWeek
9 months ago
Privacy professionals

Zimbra Zero-Day Exploited to Hack Government Emails

A Zimbra Collaboration Suite zero-day vulnerability was exploited to steal email data from government organizations in multiple countries.
The exploit, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) bug that requires the user to click on a malicious link.
Google's Threat Analysis Group observed multiple campaigns exploiting the zero-day and linked the attacks to a Russian APT known as Winter Vivern. [ more ]
morezero-day vulnerability
[ Load more ]