Dark Reading

Google WordPress Plug-in Bug Allows AWS Metadata Theft

A vulnerability in the Google Web Stories plug-in for WordPress could be exploited via a server-side request forgery (SSRF) vulnerability to steal Amazon Web Services (AWS) metadata from sites hosted ...
Bleeping Computer

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. The ...
Bleeping Computer

Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw

Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware ...
Security

Oxeye AppSec Platform automatically DiscoversOwncast & EaseProbe security vulnerabilities

TEL AVIV – July 11, 2023 – Oxeye, the provider of an award-winning cloud-native application security platform, has uncovered two critical security vulnerabilities and is recommending immediate action ...