Qilin
You must login to view this content
Aggregator
Executive Dark Web Exposure: Protecting your Leadership
3 months 3 weeks ago
Nisos
Executive Dark Web Exposure: Protecting your Leadership
Not long ago, a Social Security number (SSN) felt like a vault key. Private, protected, rarely seen. Today, it’s more like currency...
The post Executive Dark Web Exposure: Protecting your Leadership appeared first on Nisos by Nisos
The post Executive Dark Web Exposure: Protecting your Leadership appeared first on Security Boulevard.
Nisos
Don’t let “back to school” become “back to (cyber)bullying”
3 months 3 weeks ago
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back
欢迎注册参会|第22届中国信息和通信安全学术会议即将召开
3 months 3 weeks ago
CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits
3 months 3 weeks ago
The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine critical vulnerabilities in INVT VT-Designer and HMITool (CVSS v4 8.5). Multiple flaws in Schneider Electric Modicon M340 controllers (CVSS v4 scores up to 9.1), and several issues in Danfoss AK-SM 8xxA Series drives (CVSS v3.1 […]
The post CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Google 在翻译应用中加入 AI 驱动的语言学习功能
3 months 3 weeks ago
Google 正在其翻译应用(Translate app)中加入 AI 驱动的语言学习功能,进入了著名学习平台多邻国的领域。新的 Beta 学习功能使用 Gemini AI 模型生成定制课程。英语用户可以学习西班牙语和法语,西班牙语、法语和葡萄牙语用户可以学习英语。用户可以选择自己的语言水平和学习目标,创建定制学习场景,从专业对话到家庭互动。
CVE-2017-2299 | puppetlabs-apache up to 1.11.0/2.0.x ssl_certs_dir 7pk security (Nessus ID 255084 / BID-100859)
3 months 3 weeks ago
A vulnerability, which was classified as critical, was found in puppetlabs-apache up to 1.11.0/2.0.x. Impacted is an unknown function. Executing manipulation of the argument ssl_certs_dir can lead to 7pk security features.
This vulnerability appears as CVE-2017-2299. The attack may be performed from a remote location. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2018-12322 | radare2 2.6.0 libr/anal/p/anal_6502.c 6502_op Java Binary File out-of-bounds (Nessus ID 255085)
3 months 3 weeks ago
A vulnerability was found in radare2 2.6.0. It has been classified as critical. This affects the function 6502_op of the file libr/anal/p/anal_6502.c. Performing manipulation as part of Java Binary File results in out-of-bounds read.
This vulnerability was named CVE-2018-12322. The attack needs to be approached locally. There is no available exploit.
vuldb.com
CVE-2017-5984 | libav 9.21 libavcodec ff_h264_execute_ref_pic_marking out-of-bounds (Nessus ID 255083)
3 months 3 weeks ago
A vulnerability categorized as critical has been discovered in libav 9.21. The impacted element is the function ff_h264_execute_ref_pic_marking of the component libavcodec. The manipulation results in out-of-bounds read.
This vulnerability was named CVE-2017-5984. The attack may be performed from a remote location. There is no available exploit.
vuldb.com
CVE-2016-8678 | ImageMagick 7.0.3.0 File pixel-accessor.h IsPixelMonochrome out-of-bounds (Nessus ID 255087 / BID-93599)
3 months 3 weeks ago
A vulnerability was found in ImageMagick 7.0.3.0. It has been classified as problematic. Affected is the function IsPixelMonochrome of the file MagickCore/pixel-accessor.h of the component File Handler. This manipulation causes out-of-bounds read.
This vulnerability is tracked as CVE-2016-8678. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2018-20199 | Freeware Advanced Audio Decoder 2.8.8 libfaad/filtbank.c ifilter_bank null pointer dereference (Issue 24 / Nessus ID 255088)
3 months 3 weeks ago
A vulnerability labeled as problematic has been found in Freeware Advanced Audio Decoder 2.8.8. Affected by this issue is the function ifilter_bank of the file libfaad/filtbank.c. Such manipulation leads to null pointer dereference.
This vulnerability is documented as CVE-2018-20199. The attack needs to be performed locally. There is not any exploit available.
vuldb.com
CVE-2024-8069 | Citrix Session Recording/Virtual Apps and Desktops deserialization (CTX691941 / WID-SEC-2024-3443)
3 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Citrix Session Recording and Virtual Apps and Desktops. Affected by this vulnerability is an unknown functionality. Such manipulation leads to deserialization.
This vulnerability is traded as CVE-2024-8069. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2025-3478 | OpenText Enterprise Security Manager up to 7.8.1 cross site scripting (EUVD-2025-25704 / WID-SEC-2025-1904)
3 months 3 weeks ago
A vulnerability identified as problematic has been detected in OpenText Enterprise Security Manager up to 7.8.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2025-3478. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2024-8068 | Citrix Session Recording/Virtual Apps and Desktops privileges management (CTX691941 / EUVD-2024-49530)
3 months 3 weeks ago
A vulnerability was found in Citrix Session Recording and Virtual Apps and Desktops and classified as critical. This vulnerability affects unknown code. The manipulation results in improper privilege management.
This vulnerability is reported as CVE-2024-8068. The attacker must have access to the local network to execute the attack. Moreover, an exploit is present.
It is suggested to upgrade the affected component.
vuldb.com
Beyond Google Play: The End of Anonymous Sideloading Is Coming to Android
3 months 3 weeks ago
Openness has long been the defining distinction between Android and the iPhone, yet in recent years Google has steadily shifted the balance toward security. Now the company is preparing its most radical step yet...
The post Beyond Google Play: The End of Anonymous Sideloading Is Coming to Android appeared first on Penetration Testing Tools.
ddos
ESET warns of PromptLock, the first AI-driven ransomware
3 months 3 weeks ago
ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to […]
Pierluigi Paganini
The Operating System That Changed Everything: Windows 95 Turns 30
3 months 3 weeks ago
On August 24, 2025, the world marked the 30th anniversary of Windows 95—Microsoft’s first truly mass-market 32-bit consumer operating system, a release that profoundly reshaped personal computing. In an era of limited home internet,...
The post The Operating System That Changed Everything: Windows 95 Turns 30 appeared first on Penetration Testing Tools.
ddos
Spyware Exposed: A Critical Unpatched Flaw in TheTruthSpy Puts Thousands at Risk
3 months 3 weeks ago
The creator of the spyware TheTruthSpy—the Vietnamese company 1Byte Software, led by Vanh (Vardi) Tiu—has once again found itself at the center of a major scandal. Independent security researcher Swarang Veid has uncovered a...
The post Spyware Exposed: A Critical Unpatched Flaw in TheTruthSpy Puts Thousands at Risk appeared first on Penetration Testing Tools.
ddos
New Data Theft Campaign Targets Salesforce via Salesloft App
3 months 3 weeks ago
Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift
New Cache Deception Attack Exploits Miscommunication Between Cache and Web Server
3 months 3 weeks ago
A newly documented cache deception attack leverages mismatches in path normalization and delimiter handling between caching layers and origin servers to expose sensitive endpoints and steal authentication tokens. Researchers have demonstrated how subtle discrepancies in URL processing can trick a content delivery network (CDN) into caching protected resources—only for an attacker to retrieve them later, […]
The post New Cache Deception Attack Exploits Miscommunication Between Cache and Web Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya