ALL POSTS

Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution

Key Findings Newly disclosed vulnerabilities in Apache OFBiz, an open-source ERP platform CVE-2025-59118: Unrestricted File Upload vulnerability allowing remote command execution (RCE) CVE-2025-61623: Reflected cross-site scripting (XSS) vulnerability Background Apache OFBiz is an open-source enterprise resource planning (ERP) software used for managing critical business workflows, including accounting, e-commerce, and inventory management. As a widely adopted ERP platform, v