Aggregator

North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…

In a recent autonomous penetration test, a novel cross-site scripting (XSS) bypass that sidesteps even highly restrictive Web Application Firewalls (WAFs). Security researchers uncovered a ASP.NET application protected by a rigorously configured WAF. Conventional XSS payloads—breaking out of single-quoted JavaScript strings—were promptly blocked. Yet by abusing HTTP parameter pollution, the team managed to split malicious […]

The post Web Application Firewall Bypassed via JS Injection with Parameter Pollution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новый мессенджер собирается конкурировать с лидерами рынка. Но реальность оказалась далека от амбиций.

A vulnerability has been found in Paysyspro Com Wmi 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file wmi.php. The manipulation of the argument controller leads to path traversal. This vulnerability is traded as CVE-2010-1607. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Visocrea Com Joomla Visites 1.1. This affects an unknown function of the file core/include/myMailer.class.php. The manipulation of the argument mosConfig_absolute_path results in code injection. This vulnerability is identified as CVE-2010-2918. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Ternaria Com Vjdeo 1.0.1 and classified as problematic. The affected element is an unknown function of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is referenced as CVE-2010-1354. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Joomlamo Com Weberpcustomer up to 1.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file weberpcustomer.php. Such manipulation of the argument controller leads to path traversal. This vulnerability is documented as CVE-2010-1315. The attack can be executed remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

A vulnerability has been found in Dev.pucit.edu.pk Com Webtv 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is documented as CVE-2010-1470. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as critical was found in Com Weblinks on Joomla. Impacted is an unknown function of the file index.php. Executing manipulation of the argument Itemid can lead to sql injection. The identification of this vulnerability is CVE-2010-4938. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Componentslab Com Sqlreport 1.1. This affects an unknown function of the file administrator/components/com_sqlreport/ajax/print.php. Performing manipulation of the argument user_id results in sql injection. This vulnerability is known as CVE-2010-0753. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Joomlamo Com Userstatus 1.21.16. It has been rated as problematic. This impacts an unknown function of the file userstatus.php. This manipulation of the argument controller causes path traversal. This vulnerability appears as CVE-2010-1304. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Webkul Com Ultimateportfolio 1.0. The impacted element is an unknown function of the file index.php. This manipulation of the argument controller causes path traversal. This vulnerability is registered as CVE-2010-1659. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability identified as problematic has been detected in Peter Hocherl Com Tweetla 1.0.1. Impacted is an unknown function of the file index.php. This manipulation of the argument controller causes path traversal. This vulnerability is registered as CVE-2010-1533. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

文章探讨了隐藏的网络安全威胁，包括社会工程、影子IT、智能设备漏洞、供应链攻击及未来AI与量子计算风险。这些威胁利用技术与人为失误对企业与个人构成潜在危害。

Beyond ransomware and phishing, hidden cyberthreats are rising — from AI-driven deepfakes and scams to shadow IT, and supply chain attacks.

The post The Cyberthreats No One Talks About but Everyone Faces appeared first on Security Boulevard.

大质量黑洞通常被视为星系的“心脏”，位于星系中心。但越来越多的观测表明，部分黑洞会偏离核心，在星系盘或外侧边缘地带“游离”。矮星系质量小、演化历史相对简单，其保存了早期黑洞成长的线索。理论预测表明，星系合并后的引力波反冲或多体相互作用，使黑洞在浅引力势阱的矮星系里，易被踢出中心，成为在星系外围游荡的黑洞。上海天文台的团队在距离地球约 2.3 亿光年（红移 z≈0.017）的矮星系 MaNGA 12772-12704里，发现了一个黑洞，它没有待在星系核心，而是偏离中心近 1 千秒差距（约 3 千光年），并喷射出射电喷流。研究团队估计其约为 30 万倍太阳质量，属于中等质量黑洞范畴。

The China-backed threat actors have used the previously undiscovered infrastructure to obtain long-term, stealthy access to targeted organizations.

Submit #645003 / VDB-221591