The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below:
CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting

A vulnerability was found in Arcadia Internet Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality in the library tradecli.dll. The manipulation of the argument template leads to path traversal.
This vulnerability is handled as CVE-2001-0705. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
A vulnerability was found in Oracle Retail Service Backbone 14.1/15.0/16.0. It has been classified as very critical. This affects an unknown part of the component RSB kernel. The manipulation leads to deserialization.
This vulnerability is uniquely identified as CVE-2020-9546. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Oracle Retail Merchandising System 15. It has been declared as very critical. This vulnerability affects unknown code of the component Foundation. The manipulation leads to deserialization.
This vulnerability was named CVE-2020-9546. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability has been found in Oracle Financial Services Analytical Applications Infrastructure up to 8.1.0 and classified as very critical. This vulnerability affects unknown code of the component Infrastructure. The manipulation leads to deserialization.
This vulnerability was named CVE-2020-9546. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Oracle Financial Services Institutional Performance Analytics 8.0.6/8.7.0/8.1.0 and classified as very critical. This issue affects some unknown processing of the component User Interface. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2020-9546. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Oracle Financial Services Price Creation and Discovery 8.0.6/8.0.7. It has been classified as very critical. Affected is an unknown function of the component User Interface. The manipulation leads to deserialization.
This vulnerability is traded as CVE-2020-9546. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Oracle Financial Services Retail Customer Analytics 8.0.6. It has been rated as very critical. Affected by this issue is some unknown functionality of the component User Interface. The manipulation leads to deserialization.
This vulnerability is handled as CVE-2020-9546. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Oracle Insurance Policy Administration J2EE 11.0.2.25/11.1.0.15. It has been classified as very critical. This affects an unknown part of the component Architecture. The manipulation leads to deserialization.
This vulnerability is uniquely identified as CVE-2020-9546. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Oracle JD Edwards EnterpriseOne Orchestrator up to 9.2.4. It has been classified as very critical. Affected is an unknown function of the component E1 IOT Orchestrator Security. The manipulation leads to deserialization.
This vulnerability is traded as CVE-2020-9546. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Oracle JD Edwards EnterpriseOne Tools up to 9.2.4. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component EnterpriseOne Mobility Sec. The manipulation leads to deserialization.
This vulnerability is known as CVE-2020-9546. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.