Aggregator

Charming Kitten goes retro and consolidates its backdoor into a tighter package, abandoning the malware framework trend.

Федералы раскрывают масштабный план Ирана по срыву выборов.

社区速递 058 | 你没见过的社区文章、一周最热评、派友在用的电纸书除了首页时间流和侧栏的精选展位，少数派 Matrix 社区还有很多优秀内容因条件所限无法得到有效曝光，因此我们决定重启 Matri

Как ведут себя электроны при температуре, близкой к абсолютному нулю?

This article is about the massive BSOD triggered by CrowdStrike worldwide on July 19. Anal

游戏才刚上市，就已经掀起了中国商业市场的狂欢。

前言前段时间笔者发布了MDUT-Extend的第一个版本,在发布之后得到了许多师傅的支持和打赏。

起因某次护网应急响应,发现了最新版的某报表的被打掉了,日记记录channel触发的反序列化进行攻击的,和spr

Researchers discovered thousands of Oracle NetSuite e-stores that are vulnerable to data leak, sensitive customer information is at risk. Cybersecurity researchers from AppOmni warn of a potential issue in Oracle NetSuite SuiteCommerce platform could allow attackers to access customer sensitive data. NetSuite is a widely used SaaS Enterprise Resource Planning (ERP) platform, valued for its […]

Oracle NetSuite misconfiguration could lead to data exposureResearchers discovered thousands o

楽天グループ株式会社が提供するスマートフォンアプリ「楽天市場アプリ」には、アクセス制限不備の脆弱性が存在します。

苹果推出了其播客应用的 Web 版本，听众可通过主流浏览器收听播客节目。用户可访问以前只能通过播客应用使用的功能，如排行榜、订阅付费播客，等等。用户可以选择登录，如果不登录的话功能会受限，但浏览功能、搜索功能和收听功能都能正常使用。苹果也向中国区用户提供了大量中文播客节目。

A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites to potential remote code execution (RCE) attacks. The vulnerability was responsibly disclosed by a security researcher named villu164 through the Wordfence Bug Bounty Program. CVE-2024-5932 – The Vulnerability Explained PHP […]

The post Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2024-8005. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

KCon 2024就等你了！

Submit #393981 / VDB-275199

A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-8003. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #393987 / VDB-275198

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day.

Related: GenAI’s impact on elections

It turns out that the vast datasets churned out by cybersecurity toolsets happen to be … (more…)

The post NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity first appeared on The Last Watchdog.

The post NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity appeared first on Security Boulevard.