Aardwolf Security Ltd

A high-severity stored cross-site scripting (XSS) vulnerability has been discovered in the MyCourts application, a platform used for tennis court booking and league management. This vulnerability, assigned   CVE-    -57424 , affects the LTA number profile field and carries a CVSS score of   7.3 (High) . The issue was responsibly disclosed to HBI Consulting Ltd and allows attackers to execute arbitrary JavaScript in user browsers, potentially leading to session hijacking and unauthorized access. Vulnerability Details Technical Overview The vulnerability exists in the profile settings functionality of the My Courts application, specifically within the LTA (Lawn Tennis Association) number field on  /my_profile_settings_process.asp . The application fails to properly sanitize user input before storing and displaying it, allowing malicious JavaScript code to be persisted in the database and executed whenever the profile is viewed. CVE ID:  CVE-2025-57424 Vendor:...

TLDR The Shai-Hulud npm attack represents the first successful self-replicating worm in the JavaScript ecosystem. This npm supply chain attack compromised over 180 packages between September 14-16, 2025. The malware steals developer credentials and secrets, then automatically spreads to other packages the victim maintains. Named after the giant sandworms from Dune, this JavaScript package  security vulnerability  marks a significant escalation in supply chain threats.                          The First Self-Replicating JavaScript Supply Chain Attack The Shai-Hulud npm attack emerged on September 15, 2025, when malicious versions of multiple popular packages were published to npm. This marked a dangerous evolution from previous attacks. Unlike targeted campaigns requiring human operators, the Shai-Hulud worm spreads automatically through compromised npm tokens. The novel malware strain is being dubbed Shai-Hulud —...

  Strengthen Microsoft workloads using professional Azure Penetration Testing. At aardwolfsecurity.com, experts detect risks, misconfigurations, and vulnerabilities, delivering remediation strategies that safeguard business operations, ensure compliance, and improve overall Azure cloud security posture. Azure Penetration Testing

  Aardwolfsecurity.com, a top penetration testing company in the UK, can assist you in protecting your business from cyberattacks. Avoid disclosing personal details. Penetration Testing Companies UK

  Aardwolfsecurity.com, a top penetration testing company in the UK, can assist you in protecting your business from internet attacks. Avoid disclosing personal details. Uk Penetration Testing Companies

  Secure your cloud environments with trusted Cloud Penetration Testing services. At aardwolfsecurity.com, vulnerabilities, misconfigurations, and access control flaws are identified, ensuring compliance, reduced exposure, and protection against unauthorized access and data breaches. Cloud Penetration Testing

  Using the Social Engineering Assessment from Aardwolfsecurity.com, you can protect your business from online attacks. Boost your defences and protect your data right now. Social Engineering Assessment

  Your business is best protected by Aardwolfsecurity.com Red Team Assessment Services in the UK. Protect your possessions today! Cloud Based Pen Testing

  Use Google Cloud Penetration Testing from Aardwolfsecurity.com to protect your business from online threats. By using our expert services, you can stay ahead of the game and protected. Google Cloud Penetration Testing

  Put your applications at risk by using the well-reviewed Application Penetration Testing Service from Aardwolfsecurity.com. Protect your business from internet threats today! cloud Based Pen Testing

  Searching for trustworthy consultants in penetration testing? Excellent services are provided by a team of knowledgeable experts at Aardwolfsecurity.com. For your cybersecurity requirements, put your trust in us.   cloud Based Pen Testing

  Protect your business with Aardwolfsecurity.com cloud-based pen testing services. Our skilled experts can help you safeguard your networks and data. Do it now! Cloud Based Pen Testing

  Utilise the Automated Penetration Testing Service offered by Aardwolfsecurity.com in the UK to protect your business from internet threats. Protect your data and mental health. Automated Penetration Testing Service UK