Aggregator

Yak.exe滥用作C2木马 免杀360火绒内存扫描

A vulnerability was found in Apple macOS. It has been rated as problematic. This issue affects some unknown processing of the component DesktopServices. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2023-40433. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple macOS. Affected is an unknown function of the component Find My. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-40437. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as problematic. Affected is an unknown function of the component WebKit. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-42866. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Security. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-42831. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS and classified as problematic. Affected by this vulnerability is an unknown functionality of the component crontabs. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-42828. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple macOS. Affected by this issue is some unknown functionality of the component AppleMobileFileIntegrity. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2023-42872. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple iOS and iPadOS. This issue affects some unknown processing of the component Web Contents Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2023-42866. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple watchOS. Affected is an unknown function of the component Web Contents Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2023-42866. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Safari and classified as critical. Affected by this vulnerability is an unknown functionality of the component Web Contents Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2023-42866. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been rated as critical. This issue affects some unknown processing of the component App. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2023-38612. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple iOS and iPadOS. Affected is an unknown function. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2023-40437. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS up to 16.x. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-40529. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS and classified as problematic. This issue affects some unknown processing of the component App. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-42831. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 21 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes: All CVE users should reference CVE-2025-49113 instead of this candidate. All references and descriptions in this candidate ...

HackerNews 编译，转载请注明出处： 据最新报告显示，一个鲜为人知的黑客组织已成为俄罗斯国家机构和关键行业的重大威胁，其攻击旨在制造最大程度的破坏并谋取经济利益。 俄罗斯网络安全公司卡巴斯基的研究人员表示，Black Owl（亦称黑猫头鹰）组织自2024年初开始活跃，似乎独立运作且拥有专属工具库和攻击策略。该组织最具破坏性的行动之一是上月的网络攻击，据称摧毁了俄罗斯约三分之一的国家电子法院档案系统。乌克兰军事情报局（HUR）此前声明曾与BO组织合作开展多项行动，包括入侵俄罗斯联邦数字签名机构及其下属科研中心。 该组织通常通过携带高迷惑性恶意附件的钓鱼邮件获取受害者系统的初始访问权限。入侵成功后，BO组织可能潜伏数周甚至数月才行动——这种延迟在通常追求快速破坏或窃取数据的黑客行动主义者中极为罕见。其持续升级的工具包包含DarkGate、BrockenDoor和Remcos等后门程序。 研究人员指出，攻陷网络后，该组织会使用微软SDelete等工具删除备份及虚拟基础设施，并在部分案例中部署Babuk勒索软件加密数据索要赎金。黑客常将恶意软件伪装成合法的Windows程序。 BO组织专门针对俄罗斯实体，包括国有企业和科技、电信及制造业机构。他们频繁在Telegram上宣扬攻击成果，既为恐吓受害者，也为吸引媒体关注。 卡巴斯基强调：“BO组织因非常规的网络攻击手段，对俄罗斯机构构成严重威胁。” 研究人员补充称，与其他亲乌克兰黑客组织不同，该组织几乎未表现出协作、合作或工具共享迹象——这在俄罗斯当前的黑客行动生态中尤为特殊。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as critical was found in XCloner Plugin 3.1.1 on WordPress/Joomla!. This vulnerability affects unknown code of the file cloner.functions.php. The manipulation leads to improper input validation. This vulnerability was named CVE-2014-8603. The attack can be initiated remotely. Furthermore, there is an exploit available.

当世界目光聚焦在乌克兰战场的硝烟时，另一场看不见的战争正在悄然改写国际舆论的底色。这场战争没有枪炮声，却比任

A vulnerability was found in Matu FTP Client 1.74. It has been rated as critical. This issue affects some unknown processing of the component Banner Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2002-0608. The attack may be initiated remotely. Furthermore, there is an exploit available.