Aggregator

苹果本周将举行百大高管会议：遭痛批的 AI 成焦点； 通义千问：QwQ-32B 登顶全球最强开源模型； 百川智能联合创始人焦可、陈炜鹏出走，均开启 AI 领域创业； 1688 全面取消「仅退款」

银狐票根类最新样本分析

GreyNoise has identified a notable resurgence of in-the-wild activity targeting three ServiceNow vulnerabilities: "Resurgence of in-the-wild Activity targeting critical ServiceNow vulns. Overwhelming majority of traffic hitting Israel.

Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373 (aka ZDI-25-148), a Windows .lnk file vulnerability that enables hidden command execution.

Chamilo LMS 1.11.24 - Remote Code Execution (RCE)

Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks.

助力证券行业构建安全、高效、敏捷的数字化基础设施。

助力证券行业构建安全、高效、敏捷的数字化基础设施。

A recent vulnerability discovered in an UK National Health Service HS API has once again highlighted the risks associated with insecure mobile application programming interfaces (APIs). The flaw reportedly allowed unauthorized access to sensitive patient data, raising serious concerns about the security of healthcare applications.

The post UK NHS API Flaw Exposes Critical Mobile Security Risks appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in Cisco TelePresence Video Communication Server Expressway. This issue affects some unknown processing of the component Web-based Management Interface. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2024-20400. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition up to 128103/128237/128249. It has been declared as problematic. This vulnerability affects unknown code of the component Reports. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-38870. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in projectdiscovery nuclei up to 3.3.0. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-40641. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM ClearQuest up to 9.1.0.6. It has been rated as problematic. Affected by this issue is the function intended of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-28796. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.