Dataproof Communications

NextGEN Gallery - SQL Injection NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'.The root cause is an insufficient sanitization function ('_clean_column()') in the data mapper layer that uses a character blacklist instead of a whitelist approach. This allows an authenticated attacker with the...

By: Jacob Malimban, Intelligence TeamThreat actors are abusing image file hosting websites and file sharing services to deliver malware while evading enterprise security controls. Unlike more common, relatively simplistic, modern-day threats, these threat actors appear to be more sophisticated and less likely to send large-scale, minimally targeted attacks. The threat actors use a combination of steganography, encodings, and multiple...

- Read more

AI is becoming core to financial services. But as adoption scales, so does risk. Without secure, real-time data, strong governance, and cyber resilience, AI can amplify threats as quickly as it drives innovation. - Read more

Sensor Intel Series: April 2026 CVE Trends - Read more

macOS users are facing a new and sophisticated threat as a variant of the SHub infostealer malware, dubbed “Reaper,” has been observed deploying a fake Google Software Update LaunchAgent to maintain persistent access on infected machines. The malware stays hidden by borrowing the identity of brands that users already trust, making it exceptionally difficult to spot without dedicated...

The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific customer configurations and designs. Understanding these tactics can help inform your architecture decisions, improve your response plans, and detect...

Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news over the weekend, acting on a tip from researcher Guillaume Valadon at GitGuardian. Valadon confirmed the information...

Microsoft confirmed that KB5089549 can fail with error 0x800f0922 on Windows 11 devices with low EFI partition space, and shared workarounds are available. The post Microsoft Confirms Windows Update Bug Blocking Security Fixes appeared first on TechRepublic. - Read more

Organizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow broader access than intended. Required tags might be missing. Encryption might be assumed but not configured. These...