[webapps] PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)
PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)
Aggregator
揭秘:打造一套完整的勒索病毒自动化采集分析系统
4 months 2 weeks ago
实现对新型勒索病毒的快速响应。
我用NodeJS+electron自研了个C2和木马并绕过了360+火绒内存扫描(附源码)
4 months 2 weeks ago
NodeJs可以写后端、electron又可以打包成exe,还可以通过主进程命令执行,那么不就可以自研一个C2了吗
Lynx
4 months 2 weeks ago
cohenido
Daily Dose of Dark Web Informer - 8th of April 2025
4 months 2 weeks ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer - Cyber Threat Intelligence
Lawsuit: Hospital Pharmacist Spied on Coworkers for a Decade
4 months 2 weeks ago
University of Maryland Medical Center Said FBI Is Also Investigating Case
An academic medical center is facing a class action lawsuit alleging one of its pharmacists installed keylogging software on 400 computers over a decade to spy on the personal lives and intimate moments of coworkers. The pharmacist is also facing a criminal investigation, the hospital said.
An academic medical center is facing a class action lawsuit alleging one of its pharmacists installed keylogging software on 400 computers over a decade to spy on the personal lives and intimate moments of coworkers. The pharmacist is also facing a criminal investigation, the hospital said.
Russian APT Hacker Observed Deploying Unusual RDP Tactics
4 months 2 weeks ago
Espionage Campaign Mainly Targeted European Organizations
A Russian nation-state threat actor exploited "lesser known" features of Microsoft Windows remote desktop protocol to target European organizations for espionage. Hackers used RDP to deploy a malicious application and access data from victims.
A Russian nation-state threat actor exploited "lesser known" features of Microsoft Windows remote desktop protocol to target European organizations for espionage. Hackers used RDP to deploy a malicious application and access data from victims.
US Risks Losing 'AI Cold War' as China Surges Ahead
4 months 2 weeks ago
AI Leaders Call for Proactive US Response Amid Chinese Technology Breakthroughs
The United States risks losing the so-called "AI Cold War" against China unless it abandons traditional containment strategies and adapts to Beijing's advances, panelists told lawmakers Tuesday. "I'm as stunned as all of you about just how fast China has caught up," said Adam Thierer.
The United States risks losing the so-called "AI Cold War" against China unless it abandons traditional containment strategies and adapts to Beijing's advances, panelists told lawmakers Tuesday. "I'm as stunned as all of you about just how fast China has caught up," said Adam Thierer.
Tailscale Raises $160M to Scale AI and Enterprise Use
4 months 2 weeks ago
Zero Trust Network Access Firm Plans to Enhance Platform and Grow Revenue Faster
Tailscale has landed $160 million in Series C funding to scale its platform and meet growing demand from AI and enterprise firms. The networking company will invest in engineering to support multi-cloud and identity-based networking features.
Tailscale has landed $160 million in Series C funding to scale its platform and meet growing demand from AI and enterprise firms. The networking company will invest in engineering to support multi-cloud and identity-based networking features.
Threat Attack Daily - 8th of April 2025
4 months 2 weeks ago
Threat Attack Daily - 8th of April 2025
Dark Web Informer - Cyber Threat Intelligence
Ransomware Attack Update for the 8th of April 2025
4 months 2 weeks ago
Ransomware Attack Update for the 8th of April 2025
Dark Web Informer - Cyber Threat Intelligence
Microsoft Drops Another Massive Patch Update
4 months 2 weeks ago
A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries.
Jai Vijayan, Contributing Writer
CVE-2025-32198 | themefusecom Brizy Plugin up to 2.6.14 on WordPress cross site scripting
4 months 2 weeks ago
A vulnerability was found in themefusecom Brizy Plugin up to 2.6.14 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-32198. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-3100 | WP Project Manager Plugin up to 2.6.22 on WordPress SVG File Upload cross site scripting
4 months 2 weeks ago
A vulnerability was found in WP Project Manager Plugin up to 2.6.22 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component SVG File Upload Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-3100. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-32236 | Woocommerce Advanced Product Organizer – Dynamic Sorting & Reordering Plugin authorization
4 months 2 weeks ago
A vulnerability has been found in Woocommerce Advanced Product Organizer – Dynamic Sorting & Reordering Plugin up to 1.9 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization.
This vulnerability is known as CVE-2025-32236. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-55354 | Lucee Server prior 5.4.7.3 LTS/6.1.1.118 Protection Mechanism reliance on untrusted inputs in a security decision
4 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Lucee Server. Affected is an unknown function of the component Protection Mechanism. The manipulation leads to reliance on untrusted inputs in a security decision.
This vulnerability is traded as CVE-2024-55354. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-32036 | dnnsoftware Dnn.Platform up to 9.13.7 Captcha (GHSA-48q9-3p26-8595)
4 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in dnnsoftware Dnn.Platform up to 9.13.7. This issue affects some unknown processing. The manipulation leads to guessable captcha.
The identification of this vulnerability is CVE-2025-32036. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-32035 | dnnsoftware Dnn.Platform up to 9.13.1 type distinction (GHSA-8q89-mqw7-9pp7)
4 months 2 weeks ago
A vulnerability classified as problematic was found in dnnsoftware Dnn.Platform up to 9.13.1. This vulnerability affects unknown code. The manipulation leads to insufficient type distinction.
This vulnerability was named CVE-2025-32035. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Industry Asks for Clarity on Proposed HIPAA Cybersecurity Rules
4 months 2 weeks ago
Healthcare and IT security practitioners worry that some of the proposed amendments are not practical for a sector that lacks resources and often uses legacy equipment.
Arielle Waldman
CVE-2025-30292 | Adobe ColdFusion up to 2021.18/2023.12/2025.0 cross site scripting (apsb25-15)
4 months 2 weeks ago
A vulnerability classified as problematic has been found in Adobe ColdFusion up to 2021.18/2023.12/2025.0. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-30292. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com