Aggregator

Китайская разработка показала мощные результаты в aider polyglot benchmark.

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves the systematic collection and exploitation of genuine identity documents and images.  Attackers utilize these resources to develop and sell techniques for bypassing identity verification systems, presenting a significant database and evolving threats to businesses and individuals alike.  Researchers have identified […]

The post A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Adobe has issued a critical security update for ColdFusion versions 2023 and 2021 to address a major vulnerability that could lead to an arbitrary file system read. The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial for users. This release underscores Adobe’s commitment to ensuring the security and integrity of its […]

The post Adobe Warns of ColdFusion Vulnerability Allows Attackers Read arbitrary files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Chyrp up to 2.1.1/2.5 Beta 1. It has been declared as problematic. This vulnerability affects unknown code of the file includes/ajax.php. The manipulation of the argument content/body as part of Parameter leads to cross site scripting. This vulnerability was named CVE-2012-1001. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, were recently detected by Fortinet’s AI-driven OSS malware detection system. These packages, spotted on November 16 and November 24, 2024, respectively, represent significant threats to users by leveraging advanced malware techniques. These findings underscore the critical importance of robust cybersecurity measures to protect against such sophisticated threats. Malicious […]

The post Beware of New Malicious PyPI packages That Steals Login Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

根据海关总署公布数据，2023 年中国汽车出口量为 522.1 万辆，日本为 442.3 万辆，中国首次超过日本，成为全球最大汽车出口国。2024 年根据位于新加坡的市场研究公司 Canalys 的数据，中国汽车出口实现持续增长，前三季度中国本土品牌出口量增长了 27% 达到了 310 万辆。华创证券预测，2025年中国汽车出口增速将放缓，但其中乘用车出口量仍可能达到558万辆，同比增长 14%。其中放缓原因在于遭遇来自欧盟的额外关税压力。瑞银（UBS）去年预测，至 2030 年中国汽车将占据全球 33% 的市场份额，高于 2023 年的 17%。

A Brazilian man, Junior Barros De Oliveira, has been charged with multiple counts of cybercrime and extortion for hacking into the computer systems of a Brazilian subsidiary of a New Jersey-based company and attempting to extort millions in Bitcoin. The indictment, unsealed in Newark federal court on December 23, 2024, accuses De Oliveira of accessing […]

The post Brazilian Hacker Arrested Hacking Computers & Selling Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

McDonald’s India (West & South) / Hardcastle Restaurants Pvt. Ltd. operates a custom McDelivery web app for ordering McDonald’s food for delivery, dine-in, and takeout.  The app is popular, with over 10 million downloads on Google Play and #16 in Food & Drink on the Apple App Store and offers various options to choose from […]

The post McDonald’s Delivery App Bug Let Customers Orders For Just $0.01 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical was found in SCO UnixWare up to 7.1.16. This vulnerability affects unknown code of the file pkgtrans. The manipulation leads to symlink following. This vulnerability was named CVE-1999-0988. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Id Software Quake 2i Server 3.20/3.21. It has been rated as critical. Affected by this issue is some unknown functionality of the component Macro Handler. The manipulation of the argument $ leads to improper privilege management. This vulnerability is handled as CVE-2002-0770. The attack may be launched remotely. Furthermore, there is an exploit available.

Cryptocurrency hacking incidents in 2024 surged 21.07% YoY to $2.2 billion, with 303 breaches reported, which marks the fifth year exceeding $1 billion in stolen funds, demonstrating a concerning correlation between crypto market growth and the scale of cyberattacks.  Crypto hacking activity experienced a significant surge in the first half of 2024, reaching $1.58 billion […]

The post North Korean Hackers Stolen $2.2 Billion From Crypto Platforms In 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-12941. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Apple macOS 10.12.0. Affected is an unknown function of the component System Boot. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2016-4669. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

一名网络游戏玩家为了在与其他玩家关于游戏载具性能的争论中获胜，将现实中有关欧洲“台风”战斗机的秘密文件上传到了网上。

A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. This vulnerability is handled as CVE-2024-12969. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql injection. This vulnerability is known as CVE-2024-12968. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to sql injection. This vulnerability is traded as CVE-2024-12967. It is possible to launch the attack remotely. Furthermore, there is an exploit available.