Aggregator

A vulnerability was found in dejureorg Vernetzungsfunktion Plugin up to 1.97.5 on WordPress. It has been declared as problematic. This vulnerability affects the function djo_einstellungen_menue of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-11417. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in bplugins FAQ and Answers Plugin up to 1.1.0 on WordPress. It has been rated as problematic. This issue affects the function faq of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11882. The attack may be initiated remotely. There is no exploit available.

2025年1月，国产AI大模型DeepSeek横空出世，以媲美同性能模型的性能和不足其1/10的训练成本，一举 […]

Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations.  The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector, demonstrating attackers’ increasing sophistication in bypassing traditional email security filters. Campaign Mechanics and Delivery Vector […]

The post Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this Help Net Security, Oded Hareven, CEO of Akeyless Security, discusses how enterprises should adapt their cybersecurity strategies to address the growing need for machine-to-machine (M2M) security. According to Hareven, machine identities must be secured and governed similarly to human identities, focusing on automation and policy-as-code. How should enterprises reframe their cybersecurity strategies to account for machine-to-machine interactions? Enterprises need to recognize that machine-to-machine interactions have fundamentally different identity requirements than human-to-system interactions. Traditional … More →

The post The risks of autonomous AI in machine-to-machine interactions appeared first on Help Net Security.

A vulnerability was found in Ls3 Fenice 1.10. It has been classified as critical. This affects the function parse_url. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-2022. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Amazon Phish Hunts for Security Answers and Payment Information

The post Amazon Phish Hunts for Security Answers and Payment Information appeared first on Security Boulevard.

A CVSS score 8.0 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-02-18, 29 days ago. The vendor is given until 2025-06-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.3 AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-02-18, 29 days ago. The vendor is given until 2025-06-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould and Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2025-02-18, 28 days ago. The vendor is given until 2025-06-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mark Vincent Yason (markyason.github.io)' was reported to the affected vendor on: 2025-02-18, 23 days ago. The vendor is given until 2025-06-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

中电安科多个岗位热招中，期待你的加入，一起追梦前行！

使用相同的刷新令牌和新的设备标识，Storm-2372能够获得主刷新令牌（PRT）并访问其资源。目前已经观察到Storm-2372使用连接的设备收集电子邮件。

A vulnerability has been found in Apple iOS up to 10.2 and classified as critical. This vulnerability affects unknown code of the component WebKit. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-2460. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Safari 2.0/2.0.1/2.0.2/2.0.3/2.0.4. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2008-0298. The attack can be initiated remotely. Furthermore, there is an exploit available.

A novel persistence mechanism exploiting Microsoft’s Text Services Framework (TSF) has been uncovered by researchers at Praetorian Labs, revealing a sophisticated method for maintaining long-term access to compromised systems. While requiring administrative privileges for initial deployment, this technique enables stealthy code execution across dozens of critical Windows processes through aboriginal system components designed for text […]

The post Microsoft Text Services Framework Exploited for Stealthy Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Microweber up to 0.94 and classified as critical. Affected by this issue is some unknown functionality of the file Category.php. The manipulation of the argument parent_id leads to sql injection. This vulnerability is handled as CVE-2014-9464. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in PHP up to 5.2.0. This issue affects some unknown processing of the component Filters. The manipulation leads to format string. The identification of this vulnerability is CVE-2007-1452. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Your business can’t realize the many benefits of cloud computing without ensuring performance and availability in its cloud environments. Let’s look at some examples. Scalability: To scale your business’s cloud computing services, you need those services to be available and to perform according to your business’s requirements. Otherwise, your business might miss out on opportunities or end up paying for resources it doesn’t use. Disaster recovery: In the event of a disaster, you might need … More →

The post Balancing cloud security with performance and availability appeared first on Help Net Security.

A vulnerability classified as problematic has been found in maheshmaharjan Catch Popup Plugin up to 1.4.4 on WordPress. Affected is the function catch-popup of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-11427. It is possible to launch the attack remotely. There is no exploit available.