Aggregator
New Watering Hole Attack That Used Fake Adobe Flash Player Update To Deliver Malware
1 year 6 months ago
Cybersecurity threats are increasingly targeting vulnerabilities in publicly exposed assets like VPNs and firewalls, exploited by various actors, including APT groups and ransomware gangs. While this focus is understandable, it’s crucial not to neglect traditional attack vectors like phishing emails, malicious websites, and social engineering, as they remain potent tools in the hands of attackers. […]
The post New Watering Hole Attack That Used Fake Adobe Flash Player Update To Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
CVE-2018-15141 | OpenEMR up to 5.0.1.3 Patient Portal import_template.php docid path traversal (EDB-45202)
1 year 6 months ago
A vulnerability was found in OpenEMR up to 5.0.1.3. It has been rated as critical. This issue affects some unknown processing of the file portal/import_template.php of the component Patient Portal. The manipulation of the argument docid as part of Directory leads to path traversal.
The identification of this vulnerability is CVE-2018-15141. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Cactus
1 year 6 months ago
cohenido
New Skuld Infostealer Campaign Debuts in the npm Ecosystem
1 year 6 months ago
安全客
CVE-2004-0771 | F-Secure Anti-Virus ZIP Archive privileges management (EDB-24120 / Nessus ID 14813)
1 year 6 months ago
A vulnerability has been found in F-Secure Anti-Virus and classified as critical. Affected by this vulnerability is an unknown functionality of the component ZIP Archive Handler. The manipulation leads to improper privilege management.
This vulnerability is known as CVE-2004-0771. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
Lazarus Group's Evolving Arsenal: Unveiling New Malware and Infection Chains
1 year 6 months ago
安全客
Regex 101: Practical Tips for Mastering Regular Expressions
1 year 6 months ago
Ever wished you could instantly extract all email addresses from a document or clean up messy data w
CVE-2006-4444 | Cybozu Garoon iid sql injection (EDB-2267 / XFDB-28594)
1 year 6 months ago
A vulnerability, which was classified as critical, was found in Cybozu Garoon. Affected is an unknown function. The manipulation of the argument iid leads to sql injection.
This vulnerability is traded as CVE-2006-4444. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
US CISA Issues Binding Directive Requiring Federal Agencies to Implement SaaS Secure Configuration Baselines
1 year 6 months ago
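Well-Known AI Company Leaks More Than 1.29 TB of Sensitive Internal Data via the Cloud
1 year 6 months ago
Caused by misconfigured cloud storage
Well-Known AI Company Leaks More Than 1.29 TB of Sensitive Internal Data via the Cloud
1 year 6 months ago
Reportedly, the exposed database contains sensitive personal data and company operational data, and the incident is attributed to misconfigured cloud storage.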
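US CISA Issues Binding Directive Requiring Federal Agencies to Implement SaaS Secure Configuration Baselines
1 year 6 months ago
The US government has issued guidance on implementing security practices for cloud services. On December 17, 2024, the US cybersecurity and infrastructure security agency (Cybersecurity and Infrastructure Secu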
NDSS 2025 | Prompt Leakage Risk: Douyin Group Security Research Team Reveals Multi-Tenant KV Cache Sharing Vulnerability
1 year 6 months ago
Accepted to NDSS 2025 once again!
Interpol Identifies Over 140 Human Traffickers in New Initiative
1 year 6 months ago
A new digital operation has enabled Interpol to identify scores of human traffickers operating between South America and Europe
Top Open Source API Security Tools
1 year 6 months ago
The modern world relies on Application Programming Interfaces (APIs). They allow applications
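派评 | Recent Apps Worth Watching
1 year 6 months ago
Welcome to this issue of 派评. You can use the article's table of contents to jump straight to the content that interests you. If you come across other interesting apps or topics you follow, you are welcome to discuss them with us in the comments. App updates not to be missed: besides "fresh" apps, the App St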