Researchers from Wiz have discovered a way to allow for search engine manipulation and account takeover. The research in question focuses on several Microsoft applications, with everything stemmin ...
March 31, 2023
### Summary
An unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Some ...
March 31, 2023
A vulnerability was found in IBOS 4.5.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?r=report/api/getlist of the component Report Search. The mani ...
March 31, 2023
### Summary
An unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Some ...
March 30, 2023
![Threat Source newsletter (March 30, 2023) — It's impossible to tell if your home security camera or doorbell is truly safe](https://blog.talosintelligence.com/content/images/2023/03/threat ...
March 30, 2023
# Talos Vulnerability Report
### TALOS-2022-1685
## ManageEngine OpManager Add UCS Device blind XXE vulnerability
##### March 30, 2023
##### CVE Number
CVE-2022-43473
##### SUMMARY
A blind XML Externa ...
March 30, 2023
Last week, there were 80 vulnerabilities disclosed in 69 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerabil ...
March 30, 2023
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1672-1 advisory. - When using the RemoteIpFilter with requests receiv ...
March 30, 2023