Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

July 2, 2025

Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

Security experts have uncovered a hole in Cl0p’s data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.
The vulnerability in the Python-based software, which wa …

Published Date:
Jul 02, 2025 (5 hours, 11 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-36934

CVE-2023-34362

Source: Read More

Previous ArticleYONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack

Next Article fnt – apt for fonts

Highlights

CVE-2025-5340 – Elementor Music Player Stored Cross-Site Scripting Vulnerability

June 3, 2025

CVE ID : CVE-2025-5340

Published : June 3, 2025, 12:15 p.m. | 3 hours, 14 minutes ago

Description : The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘album_buy_url’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Microsoft is closing down Xbox studio The Initiative, with Perfect Dark killed as well — joining Everwild and ZeniMax’s new IP, and other unannounced projects

No, Microsoft and Xbox’s Phil Spencer isn’t stepping down any time soon — here’s the truth

Everwild’s cancellation has me worried for one of my favorite dev teams and Xbox itself — It needs creative new games to thrive and refresh its identity

Trust but Verify: The Curious Case of AI Hallucinations

Trust but Verify: The Curious Case of AI Hallucinations

From Flow to Fabric: Connecting Power Automate to Microsoft Fabric

Flutter Web Hot Reload Has Landed – No More Refreshes!

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Microsoft is closing down Xbox studio The Initiative, with Perfect Dark killed as well — joining Everwild and ZeniMax’s new IP, and other unannounced projects

No, Microsoft and Xbox’s Phil Spencer isn’t stepping down any time soon — here’s the truth

Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available

CVE-2025-20309 affects Cisco Unified CM

Microsoft updates Copilot app with guided tour for new users

Now Generally Available: 7 New Resource Policies to Strengthen Atlas Security

Reflection Begins in Pre-Training: Essential AI Researchers Demonstrate Early Emergence of Reflective Reasoning in LLMs Using Adversarial Datasets

App Like Dubizzle on a Startup Budget? Here’s the Leanest Way to Build It

CVE-2025-5340 – Elementor Music Player Stored Cross-Site Scripting Vulnerability

Pushing the frontiers of audio generation

SonicWall SMA VPN devices targeted in attacks since January

Guide to Using the Desktop Commander MCP Server

Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks

Related Posts