Aggregator

A joint operation between the Thai and Singapore police has resulted in the arrest of a man allegedly responsible for over 90 data extortion attacks worldwide

A sophisticated cyberespionage campaign linked to Chinese state-sponsored actors has exploited a previously patched Check Point VPN vulnerability (CVE-2024-24919) to infiltrate organizations across Europe, Africa, and the Americas, according to cybersecurity researchers. The attacks, observed between June 2024 and January 2025, primarily targeted the manufacturing sector, deploying ShadowPad malware and, in limited cases, the NailaoLocker […]

The post Chinese Hackers Exploit Check Point VPN Zero-Day to Target Organizations Globally appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

公元 79 年 8 月，维苏威火山的突然喷发摧毁了意大利庞贝和赫库兰尼姆两座古城。考古学家于 2020 年在赫库兰尼姆一名遇难者头骨中发现了深蓝色玻璃状物质，这是人类大脑在极端条件下瞬间转化为玻璃的结果。这种现象极为罕见。因为要形成玻璃，物质必须被迅速加热到至少510摄氏度，然后急速冷却，以防止晶体结构的形成。对于含有水分的有机物来说，这种情况几乎不可能自然发生。这名死者当时躺在奥古斯都学院的床上，被突如其来的火山灰云瞬间吞噬。普通的火山碎屑流温度不会超过 465 摄氏度，并且冷却速度较慢，不足以导致如此剧烈的变化。科学家推测，是维苏威火山喷发时释放出的超高温火山灰云造成了这一切。这些火山灰云不仅温度极高，而且来去匆匆，它们迅速提升了人体温度，随后又快速消散，导致环境温度骤降。在这种极端条件下，遇难者脑组织瞬间经历了从液态到固态的直接转换，形成了独特的有机物玻璃，而他的头骨为这份珍贵的大脑标本撑起了保护伞，长久地留存了下来。

Исследователи выявили новый бэкдор в арсенале группировки.

A vulnerability classified as problematic has been found in Liquid Design Liquid Blocks Plugin up to 1.2.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-52357. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Webangon The Pack Elementor Addons Plugin up to 2.1.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-52356. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Artifex Ghostscript up to 10.03.x. Affected is an unknown function of the file psi/zcolor.c of the component Indexed Color Space Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-46955. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Cyberchimps Responsive Addons for Elementor Plugin up to 1.5.4 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-52358. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Abdullah Extender All In One for Elementor Plugin up to 1.0.3 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-51575. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Andrew Milo Postcasa Shortcode Plugin up to 1.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-52352. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Cool Plugins Web Stories Widgets for Elementor Plugin up to 1.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-52354. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Simple Goods Plugin up to 0.1.3 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-51574. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-24408. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-24411. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3. This issue affects some unknown processing. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-24418. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3. Affected is an unknown function. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2025-24419. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2025-24420. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-24410. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3. Affected by this vulnerability is an unknown functionality. The manipulation of the argument form leads to cross site scripting. This vulnerability is known as CVE-2025-24412. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Commerce up to 2.4.4-p11/2.4.5-p10/2.4.6-p8/2.4.7-beta1/2.4.7-p3. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-24413. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.