Aggregator
WordPress Gravity Forms developer account hacked and used to distribute a backdoored plugin
4 months 4 weeks ago
安全客
Malicious VSCode extension planted in Cursor IDE leads to theft of $500,000 in cryptocurrency
4 months 4 weeks ago
安全客
UK launches vulnerability research program, inviting external experts to take part in cybersecurity research
4 months 4 weeks ago
安全客
Trustwave launches phishing protection service built for Microsoft users
4 months 4 weeks ago
安全客
CVE-2025-43856: OAuth2 account hijacking vulnerability disclosed in popular self-hosted photo platform Immich
4 months 4 weeks ago
安全客
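Severe security vulnerabilities disclosed in Gigabyte motherboard UEFI firmware; attackers can execute arbitrary code in the SMM environment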
4 months 4 weeks ago
安全客
Interlock ransomware adopts “FileFix” technique to deliver malware
4 months 4 weeks ago
安全客
PerfektBlue vulnerability chain disclosed: cars face Bluetooth hacking risk that could lead to infotainment system hijacking
4 months 4 weeks ago
安全客
China captured 70% of the American sky without firing a single shot
4 months 4 weeks ago
Are Chinese drones a new threat to the Pentagon?
Zyxel security advisory (AV25-423)
4 months 4 weeks ago
Canadian Centre for Cyber Security
98% of your DNA was considered ballast. Now Google's AI has gotten in there. And rewritten everything
4 months 4 weeks ago
Welcome to the black box of the genome.
North Korean XORIndex malware hidden in 67 malicious npm packages
4 months 4 weeks ago
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. [...]
Bill Toulas
Attackers Hide JavaScript in SVG Images to Lure Users to Malicious Sites
4 months 4 weeks ago
Beware! SVG images are now being used with obfuscated JavaScript for stealthy redirect attacks via spoofed emails. Get insights from Ontinue's latest research on detection and defence.
Deeba Ahmed
The most accurate clock in history. So accurate that it calls the second itself into question
4 months 4 weeks ago
They tamed aluminum and made it count to 19 decimal places.
Android Malware Konfety evolves with ZIP manipulation and dynamic loading
4 months 4 weeks ago
A new Konfety Android malware variant uses a malformed ZIP and obfuscation to evade detection, posing as fake apps with no real functionality. Zimperium zLabs researchers are tracking a new, sophisticated Konfety Android malware variant that uses an “evil-twin” tactic and duplicate package names to avoid detection. The new Konfety malware variants use malformed ZIP, […]
Pierluigi Paganini
CVE-2024-5822 | gaizhenbiao ChuanhuChatGPT up to 20240410 server-side request forgery
4 months 4 weeks ago
A vulnerability was found in gaizhenbiao ChuanhuChatGPT up to 20240410. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to server-side request forgery.
This vulnerability is known as CVE-2024-5822. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-53947 | Apache Superset up to 4.0.x sql injection
4 months 4 weeks ago
A vulnerability was found in Apache Superset up to 4.0.x and classified as critical. Affected by this issue is the function query_to_xml_and_xmlschema/table_to_xml/table_to_xml_and_xmlschema. The manipulation leads to sql injection.
This vulnerability is handled as CVE-2024-53947. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-29869 | Apache Hive up to 4.0.0 permission assignment
4 months 4 weeks ago
A vulnerability classified as problematic was found in Apache Hive up to 4.0.0. This vulnerability affects unknown code. The manipulation leads to incorrect permission assignment.
This vulnerability was named CVE-2024-29869. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-45588 | Fortinet FortiClientMac up to 7.0.10/7.2.3 Configuration File /tmp file inclusion (FG-IR-23-345)
4 months 4 weeks ago
A vulnerability was found in Fortinet FortiClientMac up to 7.0.10/7.2.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tmp of the component Configuration File Handler. The manipulation leads to file inclusion.
This vulnerability is handled as CVE-2023-45588. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com