Aggregator

CVE-2024-54263 | Talemy Spirit Framework Plugin up to 1.2.13 on WordPress filename control

VulDB Recent Entries
2 months ago
A vulnerability, which was classified as problematic, was found in Talemy Spirit Framework Plugin up to 1.2.13 on WordPress. Affected is an unknown function. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is identified as CVE-2024-54263. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-10279 | mlflow up to 3.3.x /tmp temp file

VulDB Recent Entries
2 months ago
A vulnerability, which was classified as problematic, has been found in mlflow up to 3.3.x. This impacts an unknown function of the file /tmp. The manipulation leads to creation of temporary file in directory with insecure permissions. This vulnerability is referenced as CVE-2025-10279. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-2356 | parisneo lollms-webui up to 9.4 /reinstall_extension ExtensionBuilder.build_extension data.name path traversal

VulDB Recent Entries
2 months ago
A vulnerability classified as critical was found in parisneo lollms-webui up to 9.4. This affects the function ExtensionBuilder.build_extension of the file /reinstall_extension. Executing a manipulation of the argument data.name can lead to path traversal: '\..\filename'. The identification of this vulnerability is CVE-2024-2356. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

SILENTDRIFT:利用动作分块实现对视觉-语言-动作模型的隐蔽后门攻击

先知技术社区
2 months ago
引言本文是对SilentDrift: Exploiting Action Chunking for Stealthy Backdoor Attacks on Vision-Language-Action Models该论文的学习攻击描述攻击者在训练数据中注入极少量(<2%)带有微小视觉触发器(如5像素红点)的中毒样本,仅在机器人执行任务的关键阶段(如末端执行器接近目标物体时)激活后门;此时模

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

The Hackers News
2 months ago
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead. This week’s recap brings you the
The Hacker News

Securing the Mid-Market Across the Complete Threat Lifecycle

The Hackers News
2 months ago
For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businesses
The Hacker News

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

Security Affairs
2 months ago
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors   Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload […]
Pierluigi Paganini

Microsoft sets a path to switch off NTLM across Windows

Help Net Security
2 months ago

Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been part of Windows for decades and continues to appear in some environments, particularly where legacy systems and older applications are present. Security threats have changed over time, and security expectations have risen with them. Today, NTLM’s weaker cryptography leaves it open to attacks such as replay attacks and man-in-the-middle attacks. … More →

The post Microsoft sets a path to switch off NTLM across Windows appeared first on Help Net Security.

Sinisa Markovic

Managed ad