Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

ALL

5

Frontline Mandiant investigations, expert analysis, tools and guidance, and in-depth security research.

Learn how to protect your ML advantage. Check out HiddenLayer’s recent releases, announcements, and musings on protecting your algorithms.

HijackLibs provides an curated list of DLL Hijacking candidates, mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide valuable information when trying to detect DLL Hijacking attempts; for red teamers, this project can help identify DLLs that can be used to achieve DLL Hijacking.

The latest ISC2 updates, along with member views on global cybersecurity trends and issues, public policy, technology innovation and more.

Read about the latest DevOps trends, news on JFrog products, launches, announcements and more.

Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and products. We combine high-­end security research with a real­ world attacker mentality to reduce risk and fortify code.

Hacktoria creates CTF Games for OSINT and Digital Forensics enthusiasts. Overlaying fictional events and organizations over our real world, we create immersive games that make learning fun.

Internet threats and cybersecurity are constantly evolving. To protect yourself and your systems, make sure you know the latest threats and solutions. Learn more from our internet security blog.

PeeringDB is a freely available, user-maintained, database of networks, and the go-to location for interconnection data. The database facilitates the global interconnection of networks at Internet Exchange Points (IXPs), data centers, and other interconnection facilities, and is the first stop in making interconnection decisions.

Understandable online privacy & cybersecurity information to keep you and your data safe. Latest cybersecurity research & trends.

Explore cybersecurity courses and certificates. Many organizations have been victims of cybersecurity breaches. Cybersecurity specialists play a critical role in protecting against these attacks. Learn how to become a cybersecurity specialist with online cybersecurity courses offered through edX.

Check if your email address is in a data breach. Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

Quickly check if your email has been sold. Report the GDPR-violator, then learn how to prevent this from happening again by scrolling down.

Explore the latest news and expert commentary on IT Infrastructure brought to you by the editors of ITPro Today.

With a massive growth in new malware and infections, macOS security awareness is now more important than ever. Yet many people believe that if they are using macOS they are safe and should not be concerned about getting infected. Even though malware for macOS is years behind Windows malware in the sense of sophistication, complexity and number of infections, macOS malware is becoming more sophisticated as time goes by. Furthermore, it uses more ways to infect, evade and abuse the macOS architecture to deliver malware, for example - using applications signed with legitimate Apple developer certificates to avoid detection.

At Objective-See our goal is simple, create free open-source security tools for macOS!

Global Cybersecurity Threat Analysis and Hunting.

Keep up to date with Halcyon's announcements and research here.

The RRA (Recent Ransomware Attacks) site acts as a watchtower, providing near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching. lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

Catch up on the latest security news from Promon. We cover relevant topics from the security space such as application security, iOS and android malware, code obfuscation, compliance, API protection and more.

A subreddit dedicated to hacking and hackers. Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

A place to ask questions and share advice about the security clearance process.

Blog from Red Siege. Red Siege is an information security company focusing on real world threats to you and your organization.

Get regular updates from the world of cloud security. In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

The Vectra blog covers a wide range of cybersecurity topics, including exploits, vulnerabilities, malware, insider attacks, threat actors, artificial intelligence, and more. Start reading to learn more about us, and subscribe to stay current with the newest blog posts.

WhiteIntel Dark-Web Intelligence Services. Detect your leaked passwords in dark-web and info stealer leaks.

ProPublica is an independent, non-profit newsroom that produces investigative journalism in the public interest.

Read ThreatLocker's latest blogs. Learn more about business cybersecurity solutions, ransomware protection, endpoint cybersecurity and more!

ThreatMiner is a threat intelligence portal that provides information on indicators of compromise (IOC) such as domains, IP address, malware samples (MD5, SHA1 and SHA256), SSL certificates, WHOIS information and malicious URLs such as phishing and malware links.

Explore Triage's Malware Analysis Sandbox to dissect your malware samples. Access malware trends, and a customizable environment for in-depth analysis and classification.

404 Media is a new independent media company founded by technology journalists Jason Koebler, Emanuel Maiberg, Samantha Cole, and Joseph Cox.

Blog from AhnLab Security Emergency response Center.

Welcome to GeoSpy Public Demo. Photo location prediction using AI. Take a picture or select an existing one.

The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.

Explore the Red Canary blog for expert tips on increasing visibility, expanding detection coverage, and improving information security. Security teams need an ally to help defend against adversaries. Check out our blog for breaking research and insights into threat detection, intelligence, and incident response.

The DNA test for websites.

This encyclopedia contains the description of anti-debug tricks which work on the latest Windows releases with the most popular debuggers (such as OllyDbg, WinDbg, x64dbg). Deprecated techniques (e.g. for SoftICE, etc.) are not included (despite all the love to SoftICE).

We discuss hot topics, malware behavior, techniques, practices for analyzing malicious files, and of course, we will talk more about our online interactive sandbox.

CISA provides information on cybersecurity best practices to help individuals and organizations implement preventative measures and manage cyber risks.