macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

OSINT, Leaks, Breaches, Accounts, Networks and More.

The latest updates on cybersecurity from today’s experts. Read about ransomware, vulnerabilities, and threat intelligence impacting businesses.

Peace of mind for you and your customers.

The purpose of the threat matrix for Kubernetes is to conceptualize the known tactics, techniques, and procedures (TTP) that adversaries may use against Kubernetes environments. Inspired by MITRE ATT&CK, the threat matrix for Kubernetes is designed to give quick insight into a potential TTP that an adversary may be using in their attack campaign. The threat matrix for Kubernetes also contains mitigations specific to Kubernetes environments and attack techniques.

Study Cyber Security And Help Boost Your Job Prospects. Browse Accredited Courses From UK's Top Universities & Training Academies. Free Cyber Security Course Guide.

Have fun hacking our virtual machines and learning.

Phishing, social engineering, and modern threats.

Articles for Cloud-Native Application and API Security.

Read interesting articles and news on cybersecurity, application security, and data security. Explore the Wallarm Blog.

Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

Scan, Track, Secure Proactive C&C Infrastructure Monitoring Across the Web.

Every security issue is our affair. Read, think, share … Security is everyone's responsibility.

Cyber security news about current events and insights for executives, plus news trending now on ransomware, malware, phishing, and other issues executed by hackers.

This short book is written for people who want to understand the internals of 'heap memory', particularly the implementation of glibc's 'malloc' and 'free' procedures, and also for security researchers who want to get started in the field of heap exploitation.

Thoughts, research, reports, and more from Truffle Security Co.

TWiT technology podcasts cover tech news, cybersecurity, enterprise IT, and reviews. Leo Laporte and top tech pundits discuss Apple, Windows, Google, and more.

Everything you need to know about Identity Infrastructure, Access Management, SSO and JWT Authentication.

The issue tracker for Firefox and other Mozilla products.

A mix of in-depth nuanced takes on current events and highly technical original research by Marcus Hutchins. I cover a wide array of topics such as vulnerability research, threat intelligence, national security, reverse engineering, and Windows internals.

29-year-old cybersecurity specialist, speaker, and ex-hacker. Best known for stopping the global WannaCry ransomware attack. Background in programming & threat intelligence.

Explore Our Blog for Cutting-Edge Cybersecurity Strategies.

A community for sharing and discussing novel web security research.

Welcome to the Arkose Labs blog. Read informative articles on fraud prevention, account security, authentication, digital authenticity, and more.

AT&T Cybersecurity blogs offer news on emerging threats and practical advice to simplify threat detection, incident response, and compliance management.

CWE (Common Weakness Enumeration) is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

Distributed Denial of Secrets (DDoSecrets) is a journalist 501(c)(3) non-profit publishing and archiving leaks, and devoted to the free transmission of data in the public interest.

Sparked by a leak of emails from the Colombian prosecutor’s office, NarcoFiles is the largest investigative project on organized crime to originate in Latin America.

Introducing a project to track down and catalogue the vast wealth held outside Russia by oligarchs and key figures close to Russian President Vladimir Putin.

This is the largest ever leak of account data from a major Swiss bank. Here are the stories we found inside.

How new surveillance states keep democracy and the public in check.

Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.

What Errors Are Included in the Top 25 Software Errors? Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.

The only non-profit, independent & volunteer based publication in the information security space. Cybersecurity articles written by hackers!

Blog about reverse-engineering, hacking and breaking your software in every way imaginable.
