Aggregator

Новая защита работает так, будто давно знает, от чего именно должна защищать.

A vulnerability, which was classified as critical, was found in Google Chrome. Affected is an unknown function of the component Omnibox. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-2603. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ThingsBoard 3.3.1. It has been classified as problematic. This affects an unknown part of the component Rule Engine. The manipulation of the argument description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2021-42751. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Google Chrome and classified as critical. Affected by this vulnerability is an unknown functionality of the component Safe Browsing. The manipulation of the argument 10000 leads to use after free. This vulnerability is known as CVE-2022-2604. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as problematic. Affected by this issue is some unknown functionality of the component Dawn. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2022-2605. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. This affects an unknown part of the component Managed Devices API. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-2606. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code of the component Tab Strip. The manipulation leads to use after free. This vulnerability was named CVE-2022-2607. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. This issue affects some unknown processing of the component Overview Mode. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-2608. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component Nearby Share. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-2609. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A security researcher has uncovered a serious vulnerability resulting from incorrectly configured OAuth2 credentials in a startling discovery from a recent YesWeHack bug reward engagement. This discovery, made during an in-depth analysis of a target’s web application, highlights the severe risks posed by seemingly minor oversights in authentication frameworks. By leveraging exposed OAuth client IDs […]

The post Researchers Exploit OAuth Misconfigurations to Gain Unrestricted Access to Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

苏联失败的金星探测器“宇宙482号（Kosmos 482）”预计将于下个月不受控的重返大气层。宇宙482号于 1972 年 3 月 31 日从哈萨克斯坦拜科努尔航天发射场发射升空，任务是尝试登陆金星，然而推进器未能成功将飞船 推进到飞往金星的转移轨道。原因据 NASA 称是引擎发生燃烧故障，飞船无法飞往金星，一直滞留于地球轨道。飞船分解成四个碎片，其中两个在发射两天后就坠落回地面。另外两个被认为是有效负荷和上级引擎，其中负荷包括了运载器和着陆器，重大约 495 公斤。卫星追踪专家 Marco Langbroek 预测宇宙482号的着陆器将于 5 月 10 日重返大气层，鉴于宇宙482号设计安全穿越金星大气层，因此着陆器有很高的可能性会完好的穿越地球大气层撞击地面。Langbroek 表示风险不高，但也不会是零。

A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM roles of several Amazon Web Services (AWS) offerings, including SageMaker, Glue, and EMR, as well as open-source projects like Ray. These roles, often automatically created or recommended during service setup, come with overly permissive policies such as AmazonS3FullAccess. This broad access, […]

The post AWS Defaults Open Stealthy Attack Paths Enabling Privilege Escalation and Account Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in PHP-Fusion 4.0. This issue affects some unknown processing of the file fusion_admin/db_backups. The manipulation leads to information disclosure (Backup). The identification of this vulnerability is CVE-2004-1724. The attack may be initiated remotely. Furthermore, there is an exploit available.

Skyhigh Security announced the expansion of its Skyhigh AI offering to include additional data protection solutions for Copilot for Microsoft 365 and ChatGPT Enterprise. This development follows the company’s earlier introduction of Skyhigh AI, an advanced suite of AI-powered capabilities designed to mitigate risks associated with AI applications while enhancing security operations, and expansion of data protection capabilities to secure Microsoft Copilot. While the capabilities of AI applications like Microsoft Copilot and ChatGPT are revolutionizing … More →

The post Skyhigh Security adds data protection solutions for Microsoft Copilot and ChatGPT Enterprise appeared first on Help Net Security.

A leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have come to light. Tracked as the PurpleHaze activity cluster, these adversaries have targeted SentinelOne’s infrastructure alongside high-value organizations associated with its business ecosystem. Uncovering the PurpleHaze Threat Cluster SentinelLabs, the research arm of SentinelOne, identified this threat during a 2024 intrusion […]

The post China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A high-severity vulnerability (CVE-2025-30194) in PowerDNS DNSdist, a widely used DNS load balancer and security tool, enables remote attackers to trigger denial-of-service (DoS) conditions by exploiting flaws in its DNS-over-HTTPS (DoH) implementation.  The vulnerability, disclosed in PowerDNS Security Advisory, affects DNSdist versions 1.9.0 through 1.9.8 when configured to use the nghttp2 library for DoH processing. […]

The post PowerDNS DNSdist Vulnerability Let Attackers Cause Denial of Service Condition appeared first on Cyber Security News.

A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Background Fetch. The manipulation leads to improper access controls. This vulnerability is known as CVE-2022-2610. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Google Chrome. This affects an unknown part of the component Keyboard Input Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2022-2612. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component Input. The manipulation leads to use after free. This vulnerability was named CVE-2022-2613. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. This issue affects some unknown processing of the component Sign-In Flow. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-2614. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.