The billion-dollar security.txt problem
Yesterday, Sansec discovered an active keylogger at an external site of one of America’s largest banks. The malware was harvesting private information from over 200,000 potential victims. We detect…
Latest Security Updates
View All →Keylogger targets 200,000+ employees at major US bank
Update Jan 15th: the malware appears to have been removed. It was live for about 18 hoursSansec detected a keylogger on the employee store of one of America’s largest banks. The site serves over 2…
ConnectPOS leaked Github secrets for years
Sansec researchers discovered that ConnectPOS, a popular Point of Sale solution, had been exposing a GitHub Personal Access Token (PAT) in their public installation instructions for over four years…
Critical backdoor found in MGT Varnish extension
NameMgt_VarnishVulnerable1.0.10 and earlierFixed in1.1.0Sansec researchers discovered a critical vulnerability in the popular Varnish module for Magento. This module, develope…
CVE-2025-64537 (CRITICAL) CVSS 9.3
🔴 Severity: CRITICAL (CVSS 9.3)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are …