Estimated reading time: 3 minutes
Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603) The eMagicOne Store Manager for WooCommerce plugin is in WordPress used to simplify and improve store management by providing functionality not found in the normal WooCommerce...
Estimated reading time: 3 minutes
Our previous blog explored an XSS vulnerability within the Bookly plugin (WordPress Online Booking and Scheduling Plugin – Bookly). Today, we will delve into another XSS vulnerability that came to light during our research on the same plugin. Our...
Estimated reading time: 4 minutes
On June 2, 2022, CVE-2022-26134 “Confluence,” a zero-day remote code execution vulnerability, was discovered in all versions of the Confluence Server and Data Center. The attack was detected to be of high severity (CVSS:9.0/10.0) according to a security advisory...
Estimated reading time: 5 minutes
On May 30, 2022, CVE-2022-30190 “FOLLINA,” a zero-day remote code execution vulnerability discovered in Microsoft Windows Support Diagnostic Tool (MSDT) with high severity (CVSS:9.3). This MSDT tool diagnoses issues with applications such as Microsoft Office documents. Initial attack vector...
Estimated reading time: 2 minutes
A Zero-day Remote Code Execution Vulnerability with high severity has been identified as CVE-2022-30190 “FOLLINA” in Microsoft Windows Support Diagnostic Tool (MSDT). MSDT is a tool present on Windows version 7 and above and is used for the diagnosis...
Estimated reading time: 2 minutes
A Zero-day Remote Code Execution Vulnerability with critical severity has been identified as CVE-2022-22965 aka Spring4Shell or SpringShell in Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 & older. The Spring Framework is an open-source, popular, feature-rich application...
Estimated reading time: 2 minutes
A critical zero-day vulnerability (CVE-2021-44228) was recently discovered in Apache Log4J, the popular Java open source logging library used in countless worldwide applications. The maximum severity vulnerability has been identified as ‘Log4Shell’, which, if exploited, could permit a remote...
Estimated reading time: 6 minutes
For several months, Quick Heal Security Labs has been observing an increase in ransomware, we have found one more interesting ransomware which encrypts files and adds extension “.katyusha” and demands for an amount of 0.5 btc within three days and threatens to...
Estimated reading time: 6 minutes
Cyber-attacks through phishing emails are increasing and generally, attackers use DOC embedded macros to infiltrate victim’s machine. Recently Quick Heal Security Labs came across a Phishing e-mail sample which uses Microsoft’s equation editor exploit to spread Hawkeye keylogger. Cybercriminals...