Aggregator

A vulnerability was found in Peregrine Themes Bloglo Plugin up to 1.1.3 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-35715. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Theme Freesia Pixgraphy Plugin up to 1.3.8 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-35740. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Creative Motion Woody Ad Snippets Plugin up to 2.4.10 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-35751. The attack may be initiated remotely. There is no exploit available.

Researchers warn of a new Android malware that uses .NET MAUI to mimic legit services and evade detection. McAfee researchers warn of Android malware campaigns using .NET MAUI to evade detection. These threats disguise themselves as legitimate services to steal sensitive information from users. .NET MAUI (Multi-platform App UI) is a cross-platform framework by Microsoft […]

In 2024, the number of users affected by mobile banking malware skyrocketed to nearly 248,000, a staggering 3.6-fold increase from the previous year’s 69,000 affected users. This dramatic rise in malicious activity was particularly pronounced in the latter half of the year, indicating an evolving threat landscape in the mobile finance sector. Mamont Emerges as […]

The post Banking Malware Infects 248,000 Mobile Users Through Social Engineering Techniques appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in UAPP Testimonial Carousel For Elementor Plugin up to 10.1.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-35713. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Tribulant Newsletters Plugin up to 4.9.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-35718. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in MagniGenie RestroPress Plugin up to 3.1.2.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-35719. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in WP Moose Kenta Gutenberg Blocks Responsive Blocks and Block Templates Library for Gutenberg Editor Plugin up to 1.3.9 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-35731. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in YITH Custom Login Plugin up to 1.7.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-35732. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Theme Freesia Idyllic Plugin up to 1.1.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-35714. It is possible to launch the attack remotely. There is no exploit available.

Actions from a real-life breach raises questions about poor password hygiene accountability and why users, policies, and security controls must work together.

The post The Password Hygiene Failure That Cost a Job | Grip Security appeared first on Security Boulevard.

Security researcher Nick Cerne from Bishop Fox has published findings comparing malware development in Rust versus traditional C/C++ languages. The research demonstrates how Rust provides inherent anti-analysis features that make malware more difficult to reverse engineer. According to Cerne’s analysis, languages like Rust, Go, and Nim have become increasingly popular among malware authors for two […]

The post Researchers Compare Malware Development in Rust vs C and C++ appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Go beyond GitHub's scope. Understand the full picture of your secret leaks with GitGuardian, covering public and internal exposures.

The post GitGuardian’s Secrets Risk Assessment: Know Your True Exposure For Free appeared first on Security Boulevard.

A vulnerability was found in net-http up to 1.18.5/1.19.0 on Go. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTTP2 Connection Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-27664. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in SmartDNS 46. Affected by this issue is some unknown functionality of the file fast_ping.c. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-42643. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in smartdns 54b4dc. It has been classified as critical. This affects an unknown part of the file smartdns/src/util.c. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-24198. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in smartdns 54b4dc. This affects an unknown part of the file smartdns/src/dns.c. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-24199. The attack needs to be approached within the local network. There is no exploit available.

Researchers have introduced ARACNE, a fully autonomous Large Language Model (LLM)-based pentesting agent designed to interact with SSH services on real Linux shell systems. ARACNE is engineered to execute commands autonomously, marking a significant advancement in the automation of cybersecurity testing. The agent’s architecture supports multiple LLM models, enhancing its flexibility and effectiveness in penetration […]

The post ARACNE: LLM-Powered Pentesting Agent Executes Commands on Real Linux Shell Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. [...]