VulnHub

Real-time Cybersecurity News

Articles tagged "XSS"

Found 4 articles

StealC malware control panel flaw leaks details on active attacker

Security Affairs

Actively Exploited

Researchers have identified a cross-site scripting (XSS) vulnerability in the control panel of StealC malware, an infostealer that has been operating since at least 2023. This malware, which is sold as a service, targets and extracts sensitive information like cookies and passwords from victims. The flaw in the control panel has exposed important details about the attackers behind the malware, raising concerns about the ongoing threat to users' data security. Since its update to StealC v2 in 2025, the malware has continued to pose risks to individuals and organizations alike. The discovery emphasizes the need for vigilance against such malware, as the information leak could lead to further malicious activities by the attackers.

Impact: StealC malware, control panel of StealC v2
Remediation: Users should ensure their systems are protected with up-to-date security software and remain cautious of suspicious links or downloads.
VulnerabilityUpdateMalwareXSS
Read Original
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

The Hacker News

Researchers have identified a cross-site scripting (XSS) vulnerability in the control panel of StealC, a malware used for stealing information. This flaw allowed the researchers to monitor the activities of the threat actor behind the malware, including capturing system fingerprints and tracking active sessions. The discovery is significant as it provides a rare glimpse into the operations of cybercriminals who utilize this malware. Understanding how these operators function can aid in developing better defenses against such threats. As StealC continues to be a tool for attackers, this vulnerability highlights the ongoing risks associated with information-stealing malware.

Impact: StealC information stealer malware control panel
Remediation: N/A
VulnerabilityMalwareXSS
Read Original
StealC hackers hacked as researchers hijack malware control panels

BleepingComputer

Actively Exploited

Researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel of the StealC info-stealing malware. This flaw allowed them to monitor the malware operators' active sessions and collect data on their hardware setups. StealC is designed to steal sensitive information from users, which means this incident not only exposes the attackers but also raises concerns about the ongoing effectiveness of such malware. Understanding these vulnerabilities can help cybersecurity experts develop better defenses against similar threats. The incident serves as a reminder that even sophisticated malware can have weaknesses that researchers can exploit to gain insights into cybercriminal operations.

Impact: StealC info-stealing malware control panel
Remediation: Implement proper input validation and sanitization to mitigate XSS vulnerabilities; regularly update security protocols for web applications.
ExploitVulnerabilityMalwareXSS
Read Original
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities

SecurityWeek

MITRE has released its 2025 list of the top 25 most dangerous software vulnerabilities, with Cross-Site Scripting (XSS) taking the top spot. It is followed by SQL injection and Cross-Site Request Forgery (CSRF). Other notable vulnerabilities include buffer overflow issues and improper access control. This list serves as a critical resource for developers and security professionals to understand the most pressing risks to their applications. By addressing these vulnerabilities, organizations can significantly reduce their exposure to cyberattacks that exploit these weaknesses.

Impact: N/A
Remediation: Organizations should implement secure coding practices and regularly update their software to mitigate these vulnerabilities.
ExploitXSSCritical
Read Original