The Dangerous websites Warning List will soon be five years old. Over this time it stopped millions of attempts to connect to malicious domains and has become our most effective tool in the fight against phishing websites.

XSS (Cross-site Scripting) vulnerability has been found in Kentico CMS software (CVE-2024-12907).

CERT Polska has received a report about 2 vulnerabilities (CVE-2024-11716 and CVE-2024-11717) found in CTFd software.

Vulnerability CVE-2024-12993 allowing revealing the user’s location has been found in Infinix Mobile com.rlk.weathers application.

XSS (Cross-site Scripting) vulnerability (CVE-2024-10385) has been found in DirectAdmin Evolution Skin software.

Incorrect Authorization vulnerability (CVE-2023-4617) has been found in Govee Home mobile application on Android and iOS.

CERT Polska has received a report about 2 vulnerabilities ( CVE-2024-4995 and CVE-2024-4996) found in Wapro ERP Desktop software from Asseco Business Solutions.

CERT Polska has received a report about 2 XSS (Cross-site Scripting) vulnerabilities (CVE-2024-7874 and CVE-2024-7875) found in Tungsten Automation (formerly Kofax) TotalAgility software.

Improper Verification of Intent by Broadcast Receiver vulnerability (CVE-2024-10576) allowing unauthorized factory reset has been found in Infinix Mobile preloaded application com.transsion.agingfunction.

Fraudsters on social media lure users with fake ads promising easy money from celebrities or insider access to government investment programs. These advertisements lead to harmful websites designed to trick or exploit users.