February 12, 2024 at 11:57PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a medium-severity security flaw affecting Roundcube email software to its known exploited vulnerabilities catalog. Tracked as CVE-2023-43770, the cross-site scripting (XSS) flaw in Roundcube Webmail allows for information disclosure via malicious link references. Agencies are mandated to apply fixes by … Read more
February 12, 2024 at 02:03PM CISA warns of active exploitation of Roundcube email server vulnerability (CVE-2023-43770), impacting versions newer than 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. The security flaw leads to persistent cross-site scripting attacks. CISA has added it to the Known Exploited Vulnerabilities Catalog, urging immediate patching by federal agencies and private … Read more
December 21, 2023 at 06:06AM Mozilla has revised its position to implement Trusted Types in its Firefox browser, aiming to decrease web attacks relying on injected code. This technology addresses DOM-XSS, reducing the common vulnerability. Still undergoing technical improvements, it’s expected to enhance web security when widely adopted. Tech giants like Google, Meta, and Microsoft … Read more
November 16, 2023 at 11:48AM A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups, resulting in the theft of email data, user credentials, and authentication tokens. The flaw, tracked as CVE-2023-37580, allowed the execution of malicious scripts by tricking users into clicking on a specially crafted URL. The attacks … Read more