Aggregator
STIIIZY data breach exposes cannabis buyers’ IDs and purchases
8 months ago
Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. [...]
Lawrence Abrams
CVE-2024-43468 | Microsoft Configuration Manager SQL injection
8 months ago
A vulnerability, which was classified as very critical, was found in Microsoft Configuration Manager. This affects an unknown part. The manipulation leads to SQL injection.
This vulnerability is uniquely identified as CVE-2024-43468. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
Summary of malicious campaigns in the week of 4 – 10 January
8 months ago
10/01/2025 summary This week, the CE
CVE-2006-2426 | Sun Java JRE up to 1.5.0 Update 6 Applet Font.createFont denial of service (EDB-27882 / Nessus ID 67831)
8 months ago
A vulnerability was found in Sun Java JRE up to 1.5.0 Update 6. It has been classified as critical. This affects the function Font.createFont of the component Applet Handler. The manipulation leads to denial of service.
This vulnerability is uniquely identified as CVE-2006-2426. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to replace the affected component with an alternative.
vuldb.com
CVE-2024-1892 | Scrapy up to 2.10 API ReDoS
8 months ago
A vulnerability, which was classified as problematic, was found in Scrapy up to 2.10. Affected is an unknown function of the component API. The manipulation leads to inefficient regular expression complexity.
This vulnerability is traded as CVE-2024-1892. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-1932 | freescout-helpdesk freescout unrestricted upload
8 months ago
A vulnerability was found in freescout-helpdesk freescout and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload.
This vulnerability is handled as CVE-2024-1932. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-28186 | freescout up to 1.8.123 send_log?folder_id=&thread_id= log file (GHSA-7wcq-2qmv-mvcm)
8 months ago
A vulnerability has been found in freescout up to 1.8.123 and classified as problematic. This vulnerability affects unknown code of the file /conversation/ajax-html/send_log?folder_id=&thread_id=. The manipulation leads to sensitive information in log files.
This vulnerability was named CVE-2024-28186. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-29185 | freescout-helpdesk freescout up to 1.8.127 /public/tools.php shell_exec php_path os command injection (GHSA-7p9x-ch4c-vqj9)
8 months ago
A vulnerability was found in freescout-helpdesk freescout up to 1.8.127 and classified as critical. Affected by this issue is the function shell_exec of the file /public/tools.php. The manipulation of the argument php_path leads to os command injection.
This vulnerability is handled as CVE-2024-29185. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Independent analysis finds the Palestinian Ministry of Health severely undercounted Gaza deaths
8 months ago
The London School of Hygiene & Tropical Medicine (LSHTM) published an independent analysis in The Lancet estimating that 64,260 people in Gaza died of traumatic injuries between 7 October 2023 and 30 June 2024, whereas the Palestinian Ministry of Health reported 37,877 deaths, an under-reporting rate of 41%. The study indicates that roughly 3% of Gaza's population died violently, and that 59% of the dead were women, children and the elderly. Applying the estimated under-reporting rate, total deaths from traumatic injury are projected to have exceeded 70,000 by October 2024. The total death toll of the war is likely higher still, because the analysis did not account for non-traumatic deaths caused by disrupted healthcare, food insecurity, inadequate water and sanitation, and disease outbreaks.
A Threat Actor Claims to be Selling Shell Access to Multiple Companies
8 months ago
Dark Web Informer - Cyber Threat Intelligence
[Resource] The three faces of cyber: cyber peace activists, spies, attackers
8 months ago
The article aims to give analysts an opportunity to understand ZG's cybersecurity thinking in more depth, and identifies ZG's three main threats in the cyber domain: soft-power threats, reconnaissance threats and attack threats.
A Threat Actor Claims to be Selling VPN Access to an Unidentified Retail Industry in Germany
8 months ago
Dark Web Informer - Cyber Threat Intelligence
CVE-2000-1228 | Phorum 3.0.7 Password Reset admin.php3 step/option/confirm/newPssword improper authentication (EDB-20586 / BID-2271)
8 months ago
A vulnerability has been found in Phorum 3.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin.php3 of the component Password Reset. The manipulation of the argument step/option/confirm/newPssword leads to improper authentication.
This vulnerability is known as CVE-2000-1228. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CWE-1007: why homoglyphs became a weapon for hackers and how to defend against them
8 months ago
What lies behind the identifier CWE-1007? We break down how homoglyphs are used for phishing, for infecting code and for creating fake domains. The article explains how attackers use visually similar characters to deceive users.
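As an added illustration of the technique this item describes (example code written for this page, not code from the article or from any named project): the Python below flags a domain that mixes Unicode scripts within one label and collapses look-alike characters to a Latin "skeleton" so it can be compared against a set of protected brand names, which is how browsers and registrars catch spoofed domains. CWE-1007 is "Insufficient Visual Distinction of Homoglyphs Presented to User". The confusable table and the protected-name list are a constructed subset for the example, not the full Unicode UTS #39 confusables data, and the sample domains are constructed.

```python
import unicodedata

# Constructed subset of Unicode confusables (NOT the full UTS #39 table):
# non-Latin or look-alike code points mapped to the Latin letter they imitate.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "1": "l",       # ASCII look-alikes: digit one / small L
    "0": "o",       # digit zero / small O
}

# Constructed list of brand labels we want to protect against impersonation.
PROTECTED = {"apple", "paypal", "microsoft", "google"}


def scripts_of(label: str) -> set:
    """Return the Unicode script prefixes (LATIN, CYRILLIC, GREEK, ...) of the
    letters in a label, taken from the first word of each character's name."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def skeleton(label: str) -> str:
    """Collapse a label to its Latin look-alike skeleton (UTS #39 style):
    compatibility-normalise, lower-case, strip diacritics, map confusables."""
    out = []
    for ch in unicodedata.normalize("NFD", unicodedata.normalize("NFKC", label).lower()):
        if unicodedata.combining(ch):
            continue  # drop combining marks so 'ä' becomes 'a'
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def analyze(domain: str) -> dict:
    """Report the punycode form, mixed-script status, skeleton and, if any,
    the protected brand a label impersonates (skeleton matches, raw does not)."""
    labels = domain.rstrip(".").split(".")
    skel_labels = [skeleton(l) for l in labels]
    mixed = any(len(scripts_of(l)) > 1 for l in labels)
    impersonates = None
    for raw, skel in zip(labels, skel_labels):
        if skel in PROTECTED and raw != skel:
            impersonates = skel
            break
    return {
        "domain": domain,
        "ascii": domain.encode("idna").decode("ascii"),  # what the resolver sees
        "mixed_script": mixed,
        "skeleton": ".".join(skel_labels),
        "impersonates": impersonates,
    }


if __name__ == "__main__":
    # Constructed samples: genuine, Cyrillic-a spoof, pure-ASCII digit spoof,
    # and an all-Cyrillic-o spoof that is NOT caught by a mixed-script check alone.
    for d in ("apple.com", "\u0430pple.com", "paypa1.com", "g\u043e\u043egle.com"):
        print(analyze(d))
```

The two checks are complementary: the mixed-script test catches a single substituted letter but misses labels built entirely from one non-Latin script or from ASCII look-alikes, while the skeleton comparison catches both as long as the target name is on the protected list.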
The Path Toward Championing Diversity in Cybersecurity Education
8 months ago
To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.
Laurie Salvail
SonarQube for IDE: Our journey this year, and sneak peek into 2025
8 months ago
Reviewing the enhancements delivered by the SonarQube for IDE team for developers during 2024. Focusing on streamlining the UX for teams, harnessing the power of SonarQube Server and Cloud through connected mode into your IDE, and making it even easier to focus on new code.
The post SonarQube for IDE: Our journey this year, and sneak peek into 2025 appeared first on Security Boulevard.
Farah Bouassida
SonarQube for IDE: Our journey this year, and sneak peek into 2025
8 months ago
Our journey this year. We launched SonarQube for IDE (formerly known as SonarLint) with a simple
Seeing More With Satellite Imagery Using Band Combinations, Ratios and Indices
8 months ago
This article, published as part of the Bellingcat Technical Writing Fellowship, is a