Aggregator

A vulnerability classified as critical was found in Airspan WiMax ProST 4.1. Affected by this vulnerability is an unknown functionality of the component Administration Panel. The manipulation leads to improper authentication. This vulnerability is known as CVE-2008-1262. The attack can be launched remotely. Furthermore, there is an exploit available.

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to solve Capture The Flag (CTF) challenges without human intervention.  It utilizes a two-module architecture: a planner to create commands and a summarizer to understand the hacking process’s current state by employing contextual information from past commands to make future decisions and […]

The post HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

用数据说话

Is it possible to install app on smartphone over the WIFI?

A vulnerability, which was classified as critical, was found in Apache Struts. Affected is an unknown function of the component CookieInterceptor. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2012-0392. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Boozt Standard 0.9.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.cgi of the component Administration Interface. The manipulation of the argument name leads to memory corruption. This vulnerability is known as CVE-2002-0098. The attack can be launched remotely. Furthermore, there is an exploit available.

其它两个0day的补丁将于12月18日推出

速更新

The National Crime Agency has made scores of arrests in a bid to bring down two major Russian money laundering networks

Why I Forked OpenBazaar

太好了是渗透测试高级技巧第三篇，我们有救了！

A vulnerability classified as problematic has been found in PickPlugins Related Posts, Inline Related Posts, Contextual Related Posts, Related Content Plugin up to 2.0.58 on WordPress. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-10937. It is possible to initiate the attack remotely. There is no exploit available.

聊透大模型行业最关心的问题。

有料、不卷、速来！创新大会 2025 全议程公布

意外从网友UID(3525972251)处看到17_angr_arbitrary_jump的简单解

根据 Statcounter 的统计数据，距离 Windows 10 终止支持不到一年时间，Windows 11 的份额并没有增长反而下降了。Windows 11 的全球桌面操作系统市场份额从 10 月的 35.6% 降至 11 月的 34.9%，Windows 10 的市场份额则增长不到一个百分点至 61.8%。在微软本土市场美国，Windows 11 的下降趋势更为明显。与此同时，微软官方博客强调它不会降低 Windows 11 的硬件需求，称 Trusted Platform Module (TPM) 2.0 对未来的安全至关重要。

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. Researchers from Microsoft Threat Intelligence collected evidence that the Russia-linked ATP group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has used the tools and infrastructure of at least 6 other threat actors during the […]

A vulnerability has been found in HPE AutoPass License Server and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2024-51770. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in HPE AutoPass License Server. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-51769. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in HPE AutoPass License Server. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-51767. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.