Latest Cyber News

W???h? hit by Play Ransomware Gang - Actor: play ...
8 months ago Twitter.com
Team.jobs hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
Dilweg.com hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
Zircodata.com hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
Usmerchants.com hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
Climatech.com hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
Nfllp.com hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
Dilweg hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
ZircoDATA hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
HRTec Inc hit by BianLian Ransomware Gang - Actor: BianLian ...
8 months ago Twitter.com
Dasteam.ch hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
[EN] hit by Black Basta (Basta News) Ransomware Gang - Actor: Black Basta (Basta News) ...
8 months ago Twitter.com
Raocala hit by Everest Ransomware Gang - Actor: Everest ...
9 months ago Twitter.com
Loransrl hit by Qilin Ransomware Gang - Actor: qilin ...
9 months ago Twitter.com
Cogans.ie hit by Trisec Ransomware Gang - Actor: trisec ...
9 months ago Twitter.com
Ki.se hit by Trisec Ransomware Gang - Actor: trisec ...
9 months ago Twitter.com
Aivi.it hit by Trisec Ransomware Gang - Actor: trisec ...
9 months ago Twitter.com
Soco.be hit by LockBit Ransomware Gang - Actor: LockBit ...
9 months ago Twitter.com
VSP Dental hit by BlackCat (ALPHV) Ransomware Gang - Actor: BlackCat (ALPHV) ...
9 months ago Twitter.com
ACS hit by Hunters Ransomware Gang - Actor: hunters ...
9 months ago Twitter.com
Aftrp hit by Hunters Ransomware Gang - Actor: hunters ...
9 months ago Twitter.com
PSI hit by Hunters Ransomware Gang - Actor: hunters ...
9 months ago Twitter.com
LoanDepot hit by BlackCat (ALPHV) Ransomware Gang - Actor: BlackCat (ALPHV) ...
9 months ago Twitter.com

Trending Cyber News (last 7 days)

CVE-2024-9832 - There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make ...
6 days ago Tenable.com
CVE-2023-34049 - The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it ...
1 week ago Tenable.com
CVE-2024-6628 - The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting ...
5 days ago Tenable.com
CVE-2024-52409 - Deserialization of Untrusted Data vulnerability in Phan An AJAX Random Posts allows Object Injection. This issue affects AJAX Random Posts: from n/a through 0.3.3. ...
4 days ago Tenable.com
CVE-2024-8856 - The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file access prevention in all versions up to, and including, ...
5 days ago Tenable.com
CVE-2024-11118 - The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings() function. This makes it possible for ...
5 days ago Tenable.com
CVE-2024-50983 - FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name ...
5 days ago Tenable.com
CVE-2017-13310 - In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional ...
5 days ago Tenable.com
CVE-2024-52867 - guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated ...
4 days ago Tenable.com
CVE-2023-0657 - A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data ...
3 days ago Tenable.com
CVE-2024-10728 - The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions ...
5 days ago Tenable.com
CVE-2024-10533 - The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated ...
5 days ago Tenable.com
CVE-2024-52876 - Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read operations on the ASTM Remote ID (0xFFFA) GATT. ...
4 days ago Tenable.com
CVE-2024-52872 - In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions. ...
4 days ago Tenable.com
CVE-2024-52397 - Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server. This issue affects Convert Docx2post: from n/a through 1.4. ...
4 days ago Tenable.com
CVE-2024-52415 - Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection. This issue affects SK WP Settings Backup: from n/a through 1.0. ...
4 days ago Tenable.com
CVE-2024-52408 - Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server. This issue affects Push Notifications for WordPress by PushAssist: from n/a ...
4 days ago Tenable.com
CVE-2024-52407 - Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server. This issue affects BasePress Migration Tools: from n/a through 1.0.0. ...
4 days ago Tenable.com
CVE-2024-52386 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion. This issue affects ...
4 days ago Tenable.com
CVE-2024-9887 - The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and ...
4 days ago Tenable.com
CVE-2024-10146 - The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins. ...
1 week ago Tenable.com
CVE-2024-40408 - Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges. ...
1 week ago Tenable.com
CVE-2024-40404 - Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. ...
1 week ago Tenable.com
CVE-2024-10614 - The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated ...
5 days ago Tenable.com
CVE-2024-9935 - The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read ...
5 days ago Tenable.com
CVE-2024-9192 - The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and ...
5 days ago Tenable.com
CVE-2024-8873 - The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible ...
5 days ago Tenable.com
CVE-2024-45610 - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a ...
5 days ago Tenable.com
CVE-2024-52416 - Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a through 2.2. ...
4 days ago Tenable.com
CVE-2024-52406 - Unrestricted Upload of File with Dangerous Type vulnerability in Wibergs Web CSV to html allows Upload a Web Shell to a Web Server. This issue affects CSV to html: from n/a through 3.04. ...
4 days ago Tenable.com
CVE-2024-52403 - Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server. This issue affects User Management: from n/a through 1.1. ...
4 days ago Tenable.com
CVE-2024-52400 - Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server. This issue affects Gallerio: from n/a through 1.01. ...
4 days ago Tenable.com
CVE-2024-52399 - Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server. This issue affects Writer Helper: from n/a through 3.1.6. ...
4 days ago Tenable.com
CVE-2024-10645 - The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘br’ parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient ...
4 days ago Tenable.com
CVE-2023-43091 - A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. ...
3 days ago Tenable.com
CVE-2024-40410 - Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. ...
1 week ago Tenable.com
CVE-2024-40405 - Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. ...
1 week ago Tenable.com
CVE-2024-50956 - A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a ...
1 week ago Tenable.com
CVE-2024-52550 - Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous ...
1 week ago Tenable.com
CVE-2024-39610 - Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. ...
6 days ago Tenable.com
CVE-2024-10113 - The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output ...
6 days ago Tenable.com
CVE-2024-50564 - Threat actors can gain access to a plain text encryption key that is saved as part of the FortiClient services executable files. Accessing this results in the decryption of sensitive information. ...
6 days ago Tenable.com
CVE-2024-49776 - A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file. ...
6 days ago Tenable.com
CVE-2024-9849 - The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, ...
5 days ago Tenable.com
CVE-2024-9839 - The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before ...
5 days ago Tenable.com
CVE-2024-10883 - The SimpleForm – Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.0. ...
5 days ago Tenable.com
CVE-2024-10147 - The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
5 days ago Tenable.com
CVE-2024-9500 - A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. ...
5 days ago Tenable.com
CVE-2024-51765 - A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. ...
5 days ago Tenable.com
CVE-2024-49060 - Azure Stack HCI Elevation of Privilege Vulnerability ...
5 days ago Tenable.com