Aggregator

A vulnerability was found in WordPress 4.5.3. It has been classified as critical. Affected is the function wp_ajax_update_plugin of the file ajax-actions.php. The manipulation leads to path traversal. This vulnerability is traded as CVE-2016-6896. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted […]

苹果宣布开源 Swift Build，源代码托管在 GitHub 上，采用 Apache License 2.0 许可证。Swift 语言被用于为苹果旗下的各种操作系统开发软件，Swift Build 是一个强大且可扩展的构建引擎，提供了一套用于构建 Swift 项目的构建规则。Swift Build 是 Xcode 使用的引擎，开源库还包括对 Linux 和 Windows 的支持。

A vulnerability classified as problematic was found in OneOrZero Action And Information Management System 2.8.0. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2012-0989. The attack can be launched remotely. Furthermore, there is an exploit available.

Name: ECTF (an ECTF event.)
Date: Jan. 31, 2025, 11 a.m. — 02 Feb. 2025, 11:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ectf.fr/
Rating weight: 0.00
Event organizers: CYBER & CHILL

Name: Nullcon Goa HackIM 2025 CTF (an HackIM event.)
Date: Feb. 1, 2025, 8:30 a.m. — 02 Feb. 2025, 08:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.nullcon.net/
Rating weight: 30.00
Event organizers: ENOFLAG

Name: BearcatCTF 2025: World Tour (an Bearcat CTF event.)
Date: Feb. 1, 2025, noon — 02 Feb. 2025, 12:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://play.bearcatctf.io/
Rating weight: 23.89
Event organizers: Cyber@UC

A vulnerability classified as critical was found in vBulletin up to 4.2.2 PL4/4.2.3. Affected by this vulnerability is an unknown functionality of the file forumrunner/includes/moderation.php. The manipulation of the argument postids leads to sql injection. This vulnerability is known as CVE-2016-6195. The attack can be launched remotely. Furthermore, there is an exploit available. A worm is spreading, which is automatically exploiting this vulnerability. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Blue Coat ProxySG 4.2.6/5.2.2.4. This issue affects some unknown processing of the component Management Console. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2007-5796. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Debian Linux 3.1. Affected is an unknown function of the component man-db. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2006-4250. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Explore key cybersecurity trends for 2025, including ransomware evolution, supply chain vulnerabilities, and identity-based threats. Discover actionable strategies and expert insights to strengthen your organization’s resilience.

The post A Surge in Identity-based Attacks: Cybersecurity trends from Sygnia’s new 2025 Field Report appeared first on Sygnia.

A vulnerability has been found in ScriptsFeed Scripts Directory and classified as critical. Affected by this vulnerability is an unknown functionality of the file info.php. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2010-2905. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in skysa Skysa App Bar Integration plugin up to 1.2. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument submit leads to cross site scripting. This vulnerability is traded as CVE-2011-5179. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

LLM赋能恶意代码分析初探，希望对初学者有帮助！新年快乐，共勉。

LLM赋能恶意代码分析初探，希望对初学者有帮助！新年快乐，共勉。

A vulnerability classified as very critical has been found in aVirt Mail Server 4.0/4.2/4.4rc1. Affected is an unknown function of the component RCPT TO/MAIL FROM Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2000-0971. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

美国CISA报告称Contec CMS8000病人监护仪存在软件供应链后门

美国CISA报告称Contec CMS8000病人监护仪存在软件供应链后门

美国CISA报告称Contec CMS8000病人监护仪存在软件供应链后门