Aggregator

A vulnerability was found in Zyxel VMG4325-B10A up to 1.00(AAFR.4)C0_20170615. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2024-40891. The attack may be initiated remotely. There is no exploit available.

A new variant of malware, known as FlexibleFerret, has been identified targeting macOS users while evading detection by Apple’s XProtect tool. This malware is part of a broader campaign attributed to North Korean threat actors, who have been using sophisticated tactics to lure victims into installing malicious software. The Ferret family of malware, including variants […]

The post FlexibleFerret Malware Attacking macOS Users, Evading XProtect Detections appeared first on Cyber Security News.

A newly identified zero-day vulnerability in the widely used 7-Zip archiving software, designated as CVE-2025-0411. This critical flaw, which was exploited in the wild, is enabling threat actors to bypass vital Windows security protections and deploy SmokeLoader malware. The campaign has predominantly targeted Ukrainian organizations, with experts suspecting links to Russian cybercrime groups amid the […]

The post Hackers Exploiting 7-Zip Zero-Day Vulnerability to Deploy SmokeLoader Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

История блестящего взлома и глупого провала.

Currently trending CVE - hypeScore: 1 - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, in

Currently trending CVE - hypeScore: 1 - Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote att

Currently trending CVE - hypeScore: 3 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

Currently trending CVE - hypeScore: 3 - The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

Hackers have exploited a zero-day vulnerability in the popular file archiver 7-Zip to deploy SmokeLoader malware.  The vulnerability, tracked as CVE-2025-0411, was identified in September 2024 and has since been actively used in cyberattacks targeting Ukrainian entities.  CVE-2025-0411 is a high-severity vulnerability (CVSS score: 7.0) that allows attackers to bypass Windows’ Mark-of-the-Web (MoTW) security mechanism.  […]

The post Hackers Exploiting 7-Zip Zero-Day Vulnerability to Deploy SmokeLoader Malware  appeared first on Cyber Security News.

A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 million from the protocols’ investors. The fraudulent scheme According to court documents, from 2021 to 2023, Andean Medjedovic, 22, allegedly exploited vulnerabilities in the automated smart contracts used by the KyberSwap and Indexed Finance decentralized finance protocols. Medjedovic borrowed hundreds of millions of dollars in digital tokens, which he … More →

The post Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities appeared first on Help Net Security.

Шестеро неопытных управленцев управляют данными о гражданах страны.

文章探讨了关于DeepSeek的普遍误解，指出了过度神化和无脑贬低这两种极端态度都不可取。

如果不做安全，我还能做什么？自己选的路，跪着也要走完！

A vulnerability was found in iqonicdesign SocialV Plugin up to 2.0.15 on WordPress and classified as problematic. Affected by this issue is the function socialv_send_download_file. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-13529. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in sonalsinha21 SKT Blocks Plugin up to 1.7 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13733. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in shopsite ShopSite Plugin up to 1.5.10 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-13510. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in iqonicdesign SocialV Plugin up to 2.0.15 on WordPress and classified as problematic. Affected by this issue is the function socialv_send_download_file. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-13529. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in mlfactory DSGVO All in one Plugin up to 4.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user_remove_form.php. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-13356. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in smub WPForms Plugin up to 1.9.3.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13403. It is possible to launch the attack remotely. There is no exploit available.

Мощная волна кибернападений вынудила компанию экстренно менять IP-адреса.