• Collabora Office for Android - JavaScript Injection via Links

    A JavaScript Injection vulnerability (CVE-2024-45045) has been identified in Collabora Office for Android, allowing an attacker to execute arbitrary JavaScript within the context of the Android App when a victim opens a specially crafted document.

    Continue Reading →

  • Moodle - Reflected XSS Vulnerability via H5P error message

    A reflected cross-site scripting (XSS) vulnerability (CVE-2024-43439) has been identified in Moodle, allowing an attacker to execute arbitrary JavaScript within the context of a Moodle website when a victim visits a specially crafted link.

    Continue Reading →

  • Peripheral Sight - Red Teaming with printer CVE-2024-5143

    In a red team engagement, anything can be a target, and depending on what has already been looted (or not), everything will be a target - even as a form of desperation. In this stage of an engagement, a red team member may have to broaden their vision and should also bring peripherals into their scope, as they may also contain valuable information or loot. This happened during a red team engagement with the DT Security Red Team, which resulted in finding juicy information through a previously unknown CVE on an HP Printer.

    Continue Reading →

  • Airmail App - JavaScript Injection Vulnerability Exposes Sensitive Data

    A vulnerability has been identified in the popular iOS/macOS email apps “Airmail - Your Mail With You” and “Airmail for Business” that poses a significant risk. The vulnerability, classified as a JavaScript injection combined with an insecurely configured WebView, was present in versions of the apps prior to 5.7.

    Continue Reading →

  • T-Pot Version 24.04 released

    We are proud to announce the release of T-Pot 24.04! T-Pot 24.04 marks probably the largest change in the history of the project. While most of the changes have been made to the underlying platform some changes will be standing out in particular - a T-Pot ISO image will no longer be provided with the benefit that T-Pot will now run on multiple Linux distributions (Alma Linux, Debian, Fedora, OpenSuse, Raspbian, Rocky Linux, Ubuntu), Raspberry Pi (optimized) and macOS / Windows (limited).

    Dashbaord

    Continue Reading →

  • Apple's UIKit Vulnerability - Sandbox Escape

    A vulnerability has been identified in various Apple devices, including iPhones, posing a significant risk. The vulnerability affects the UIKit component.

    Continue Reading →

  • Apple's macOS Quick Look Vulnerability - Buffer Overflow

    A vulnerability has been identified in Apple’s Quick Look feature that affects Apple’s macOS. The vulnerability, classified as a classic buffer overflow, was addressed with improved bounds checking.

    Continue Reading →

  • Wire Secure Messenger Remote Format String Vulnerability

    A Format String vulnerability (CVE-2023-48221) in the Wire AVS library used in Wire Secure Messenger allows an attacker to cause a denial of service (application crash) or possibly execute arbitrary code via voice or video call. This affects Wire AVS (Audio, Video, and Signaling) before 9.2.22 and 9.3.5.

    Continue Reading →