Aggregator
CVE-2024-11929 | Responsive FlipBook Plugin up to 2.5.0 on WordPress cross site scripting
CVE-2024-12542 | linkID Plugin up to 0.1.2 on WordPress authorization
CVE-2024-11642 | Post Grid Master Plugin up to 3.4.12 on WordPress file inclusion
Critical vulnerability found in Dell Update Package Framework, allowing attackers to escalate privileges
CVE-2024-37372 | Node.js up to 20.15.0/22.4.0 permission
GitLab CISO on proactive monitoring and metrics for DevSecOps success
In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration, and using metrics to track DevSecOps success. What are organizations’ most significant challenges when shifting from DevOps to DevSecOps? The complexity of organizations’ build processes and developer ecosystems is a significant challenge for those seeking to …
The post GitLab CISO on proactive monitoring and metrics for DevSecOps success appeared first on Help Net Security.
CVE-2024-53995 | sickchill up to 2024.3.1 Login Page next redirect (GHSL-2024-283)
CVE-2025-0283 | Ivanti Connect Secure up to 22.7 stack-based overflow (Nessus ID 213571)
CVE-2025-0282 | Ivanti Connect Secure up to 22.7 stack-based overflow (Nessus ID 213570)
Sara: Open-source RouterOS security inspector
Sara is an open-source tool designed to analyze RouterOS configurations and identify security vulnerabilities on MikroTik hardware. Sara’s main feature is using regular expressions as the primary analysis mechanism. This allows you to quickly and accurately process RouterOS configuration text files, making the tool powerful and easy to use. “Sara is entirely standalone and requires no network connection. Feed in a configuration file, and it will find any potential security issues. This combination of autonomy, …
The post Sara: Open-source RouterOS security inspector appeared first on Help Net Security.
Researchers Reveal Exploitation Techniques of North Korean Kimsuky APT Group
Since 2013, the advanced persistent threat (APT) known as Kimsuky, which the North Korean government sponsors, has been actively conducting cyber espionage operations. It employs advanced malware, spearphishing, and social engineering tactics to infiltrate target networks and exfiltrate sensitive data, focusing on South Korea and other countries with strategic interests in the Korean Peninsula. A […]
The post Researchers Reveal Exploitation Techniques of North Korean Kimsuky APT Group appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.