Tag: xss

2 Attack Reports | 0 Vulnerabilities

Attack reports

Operation RoundPress targeting high-value webmail servers

ESET researchers have uncovered a Russia-aligned espionage operation named RoundPress, targeting high-value webmail servers through XSS vulnerabilities. The campaign, attributed to the Sednit group, aims to steal confidential data from specific email accounts. Initially focused on Roundcube in 2023…
espionage
spearphishing
russia
zero-day
credential theft
xss
data exfiltration
CVE-2024-27443
CVE-2024-11182
2025-05-15
2025-05-18
webmail
eastern europe
spypress.roundcube
spypress.mdaemon
CVE-2023-43770
spypress.zimbra
spypress.horde
Published: May 18, 2025
Linked vulnerabilities : CVE-2024-27443, CVE-2024-11182 (CVSS 6.1), CVE-2020-35730, CVE-2023-23397, CVE-2023-43770
Downloadable IOCs: 16

Active exploitation of stored XSS vulnerabilities in WordPress Plugins

Recent months have witnessed active exploitation attempts targeting multiple cross-site scripting (XSS) vulnerabilities in popular WordPress plugins. The attacks involve injecting malicious scripts that create new admin accounts, install backdoors, and implement tracking mechanisms. The affected pl…
CVE-2023-6961
wordpress
2024-05-31
xss
CVE-2023-40000
CVE-2024-2194
Published: May 31, 2024
Linked vulnerabilities : CVE-2023-6961 (CVSS 7.2), CVE-2023-40000, CVE-2024-2194
Downloadable IOCs: 28
Click here to see more Attack Reports