Aggregator

Alleged Leak of Data of Acuity Insurance

A vulnerability was found in OISF Suricata up to 6.0.16/7.0.3. It has been classified as critical. Affected is an unknown function of the component SSH Banner Parser. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-28870. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Relyum RELY-PCIe up to 23.1.0. It has been declared as critical. This vulnerability affects the function getParams of the file phpinf.php. The manipulation leads to code injection. This vulnerability was named CVE-2024-44570. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as problematic was found in Cisco Identity Services Engine Software 2.7.0/3.0.0/3.1.0/3.2.0/3.3.0. Affected by this vulnerability is an unknown functionality of the component Web-based Management Interface. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-20368. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Ecshop 3.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file ecshop/article_cat.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-35362. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in GDidees CMS up to 3.9.1 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2024-46101. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Veeam ONE up to 12.1.0.3208. It has been classified as critical. Affected is an unknown function of the component Agent Service. The manipulation leads to execution with unnecessary privileges. This vulnerability is traded as CVE-2024-42024. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Veeam ONE up to 12.1.0.3208. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-42023. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Veeam ONE up to 12.1.0.3208. This affects an unknown part of the component Access Token Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-42021. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Veeam ONE up to 12.1.0.3208. This vulnerability affects unknown code of the component Configuration File Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-42022. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Горячие патчи Windows Server 2025 теперь только для тех, кто платит.

Они хотели обмануть аэродинамику, но от зоркого глаза комиссии не ускользнет ни один шов.

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging SocGholish malware, also known as FakeUpdates, was uncovered targeting corporate networks. This attack, orchestrated by affiliates of RansomHub-a notorious Ransomware-as-a-Service (RaaS) group emerging in 2024-demonstrates a calculated approach to infiltrate high-profile organizations. SocGholish Malware as Initial Vector RansomHub markets its illicit […]

The post RansomHub Ransomware Deploys Malware to Breach Corporate Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat (APT) attack campaigns, predominantly targeting regions across South Asia, East Asia, Eastern Europe, and South America. These incursions highlighted a continuation of targeted cyber espionage and sabotage activities, primarily focusing on government agencies, critical infrastructure, and prominent industry sectors through a […]

The post 19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Blackpoint Cyber today at the 2025 RSA Conference unveiled a unified security posture and response platform that is based on the company’s managed detection and response (MDR) service. Company CTO Manoj Srivastava said the CompassOne platform provides organizations the tool to discover assets along with the guidance needed to improve their security posture. The overall..

The post Blackpoint Cyber Extends MDR Service to Improve Cyber Resiliency appeared first on Security Boulevard.

由矛盾现象到SQL注入

A vulnerability has been found in phpCAS up to 1.5.x and classified as problematic. Affected by this vulnerability is the function phpCAS::setUrl. The manipulation leads to improper control of resource identifiers. This vulnerability is known as CVE-2022-39369. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenSSL up to 3.0.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component x.509 Certificate Handler. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2022-3786. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component V8. The manipulation leads to type confusion. This vulnerability is known as CVE-2022-3723. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Fortinet FortiClient, FortiMail and FortiOS up to 6.2.168/6.4.274 and classified as problematic. This vulnerability affects unknown code of the component AV Engine. The manipulation leads to insufficient verification of data authenticity. This vulnerability was named CVE-2022-26122. The attack can be initiated remotely. There is no exploit available.