Aggregator
Global View | International Cybersecurity News Flash (Issue 49)
CVE-2009-0347 | Autonomy Ultraseek Search Engine cs.html link following (VU#202753 / EDB-32766)
CVE-2024-12645 | Chunghwa Telecom topm-client up to 0.3.17 API cross-site request forgery
CVE-2024-12644 | Chunghwa Telecom tbm-client up to 0.3.20 cross-site request forgery
CVE-2024-12664 | ruifang-tech Rebuild 3.8.5 Project Task Comment cross site scripting
CVE-2024-12665 | ruifang-tech Rebuild 3.8.5 Task Comment Attachment Upload cross site scripting
CVE-2024-11905 | Animated Counters Plugin up to 2.0 on WordPress cross site scripting
CVE-2024-11902 | Slope Widgets Plugin up to 4.2.11 on WordPress cross site scripting
Human Thinking Is in Decline
IDOR Vulnerability in ExHub Allows Attackers to Alter Hosting Configurations
A security researcher recently uncovered a high-risk Insecure Direct Object Reference (IDOR) vulnerability in ExHub, a cloud hosting and collaboration platform used by over 2 million developers. The flaw enabled attackers to manipulate web hosting configurations for any project hosted on the platform without authorization, potentially disrupting critical services or enabling further exploits. The discovery […]
The post IDOR Vulnerability in ExHub Allows Attackers to Alter Hosting Configurations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
17th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 17th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES SimonMed Imaging, one of the largest diagnostic imaging companies in the US, has been breached by Medusa ransomware group, resulting in the theft of over 212 GB of sensitive data from its […]
The post 17th February – Threat Intelligence Report appeared first on Check Point Research.
Akira
The US Is Shutting Down Election Security Systems: What's Next?
CVE-2024-45339 | Google Go up to 1.2.3 symlink (Nessus ID 214906)
CVE-2025-0356 | NEC WX1500HP/WX3600HP os command injection
CVE-2025-0354 | NEC WX4200D5 Web Management Interface cross site scripting
CVE-2010-5059 | CMScout 2.08 index.php album sql injection (EDB-12407 / BID-39707)
Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme
Two Estonian nationals may spend the next 20 years in prison for stealing hundreds of millions of dollars through a massive cryptocurrency Ponzi scheme, the US Department of Justice announced last week. The fraudulent operation “According to court documents, Sergei Potapenko and Ivan Turõgin, both 40, sold contracts to customers entitling them to a share of cryptocurrency mined by the defendants’ purported cryptocurrency mining service, HashFlare,” said the Justice Department. “Between 2015 and 2019, Hashflare’s …
The post Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme appeared first on Help Net Security.