Aggregator

A vulnerability was found in BookReview. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file search.htm. The manipulation leads to information disclosure (Path). This vulnerability is known as CVE-2005-1782. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.

Форум был разрушен в апреле — и всё равно вернулся онлайн.

Members of the World Uyghur Congress living in exile were targeted with a spear phishing campaign deploying surveillance malware, according to the Citizen Lab

CTF

A vulnerability was found in vim. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2022-4141. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component GPU. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2022-4135. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in perfSONAR up to 4.4.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Search. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-41413. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Nextcloud Server and classified as problematic. Affected by this vulnerability is an unknown functionality of the component User Display Name Handler. The manipulation leads to resource consumption. This vulnerability is known as CVE-2022-39346. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Edge. It has been declared as critical. This vulnerability affects unknown code of the component GPU. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2022-4135. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. [...]

人到中年，腰围往往会变粗，会堆积脂肪。美国希望之城国家医疗中心和加州大学洛杉矶分校等机构的临床前研究发现了与年龄相关的腹部脂肪增加背后的细胞元凶，为人到中年为何腰腹变粗提供了新见解，为未来预防腹部松弛和延长健康寿命的疗法提供了新靶点。小鼠研究发现，在年轻小鼠中，脂肪细胞祖细胞（APC）几乎不活跃，但在中年小鼠中，APC 被“唤醒”并开始产生新的脂肪细胞。大多数成体干细胞的生长能力会随着年龄增长而减弱，但 APC 恰恰相反——衰老解锁了这些细胞的进化和扩散能力。

Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.

Исследователи обнаружили фатальный изъян в архитектуре доверия мобильных устройств.

web渗透端口扫描使用nmap进行端口探测，发现存在22，80，3000端口开放。探测其具体版本信息等。访问80端口。发现其框架为pluck4.7.18.弱口令尝试进行弱口令尝试，发现不存在弱口令。访问3000端口。发现存在一个gitlab。发现其存在一个/data目录。发现其存在源代码。敏感数据泄漏存在数据库文件，泄漏密码。密码解密然后成功解出密码为iloveyou1接着进行登录。漏洞利用命令执

ArmorCode launched Anya, an agentic AI champion purpose-built for AppSec and product security teams. Following a successful early access program, Anya is now available to all ArmorCode enterprise customers, delivering intelligent, conversation-driven security insights that close the expertise gap and accelerate critical security decisions. While security teams continue to struggle with tool sprawl and alert fatigue, Anya was built to transform how organizations manage application security. Unlike traditional AppSec dashboards and siloed tools, Anya functions … More →

The post ArmorCode Anya accelerates critical security decisions appeared first on Help Net Security.