Aggregator

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould and Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2025-02-18, 28 days ago. The vendor is given until 2025-06-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mark Vincent Yason (markyason.github.io)' was reported to the affected vendor on: 2025-02-18, 23 days ago. The vendor is given until 2025-06-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

中电安科多个岗位热招中，期待你的加入，一起追梦前行！

使用相同的刷新令牌和新的设备标识，Storm-2372能够获得主刷新令牌（PRT）并访问其资源。目前已经观察到Storm-2372使用连接的设备收集电子邮件。

A vulnerability has been found in Apple iOS up to 10.2 and classified as critical. This vulnerability affects unknown code of the component WebKit. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-2460. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Safari 2.0/2.0.1/2.0.2/2.0.3/2.0.4. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2008-0298. The attack can be initiated remotely. Furthermore, there is an exploit available.

A novel persistence mechanism exploiting Microsoft’s Text Services Framework (TSF) has been uncovered by researchers at Praetorian Labs, revealing a sophisticated method for maintaining long-term access to compromised systems. While requiring administrative privileges for initial deployment, this technique enables stealthy code execution across dozens of critical Windows processes through aboriginal system components designed for text […]

The post Microsoft Text Services Framework Exploited for Stealthy Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Microweber up to 0.94 and classified as critical. Affected by this issue is some unknown functionality of the file Category.php. The manipulation of the argument parent_id leads to sql injection. This vulnerability is handled as CVE-2014-9464. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in PHP up to 5.2.0. This issue affects some unknown processing of the component Filters. The manipulation leads to format string. The identification of this vulnerability is CVE-2007-1452. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Your business can’t realize the many benefits of cloud computing without ensuring performance and availability in its cloud environments. Let’s look at some examples. Scalability: To scale your business’s cloud computing services, you need those services to be available and to perform according to your business’s requirements. Otherwise, your business might miss out on opportunities or end up paying for resources it doesn’t use. Disaster recovery: In the event of a disaster, you might need … More →

The post Balancing cloud security with performance and availability appeared first on Help Net Security.

A vulnerability classified as problematic has been found in maheshmaharjan Catch Popup Plugin up to 1.4.4 on WordPress. Affected is the function catch-popup of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-11427. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in zoan WP-Revive Adserver Plugin up to 2.2.1 on WordPress. Affected by this vulnerability is the function wprevive_async of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-12461. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in shivtiwari WP Service Payment Form With Authorize.net Plugin up to 2.6.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument page leads to cross site scripting. This vulnerability is handled as CVE-2024-12258. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in websitetoolbox Website Toolbox Community Plugin up to 2.0.1 on WordPress. This affects an unknown part. The manipulation of the argument websitetoolbox_username leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12338. It is possible to initiate the attack remotely. There is no exploit available.

其目标是窃取用户的敏感信息，涵盖数字钱包数据以及合法 Notes 应用程序中的数据。

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to

Two critical vulnerabilities in LibreOffice (CVE-2024-12425 and CVE-2024-12426) expose millions of users to file system manipulation and sensitive data extraction attacks. These flaws affect both desktop users opening malicious documents and server-side systems using LibreOffice for headless document processing. CVE-2024-12425: Path Traversal Enables Arbitrary File Writes The first vulnerability stems from improper path sanitization when […]

The post LibreOffice Vulnerabilities Allow Attackers to Write to Files and Extract Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in QNX RTOS 6.1.0 and classified as problematic. This issue affects some unknown processing of the component Timer Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2002-1983. The attack needs to be approached locally. Furthermore, there is an exploit available.