Aggregator
APT-C-60 Attacking HR Department With Weaponized Resumes
1 year 4 months ago
APT-C-60 launched a phishing attack in August 2024, targeting domestic organizations with malicious emails disguised as job applications. These emails, sent to recruitment departments, contained malware designed to compromise systems and potentially steal sensitive data. The attack leverages a targeted phishing email to distribute a malicious VHDX file hosted on Google Drive. Once mounted, the […]
The post APT-C-60 Attacking HR Department With Weaponized Resumes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Exploit of the day: how a bug in ksthunk.sys turns into a digital weapon
1 year 4 months ago
A non-obvious risk that turned out to be critical.
Windows 11 24H2 may enable BitLocker automatically
1 year 4 months ago
Having seen the disasters firsthand, I am once again kindly reminding everyone.
Tencent to end Switch software sales and network services
1 year 4 months ago
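Tencent announced that in 2026 it will terminate network-related services for Nintendo's flagship game console, the Nintendo Switch. Tencent and Nintendo jointly launched the Switch in 2019, but mobile games dominate the Chinese market and the Switch has struggled to gain ground. Tencent will stop online sales of software at the end of March 2026 and will no longer offer software downloads from May 15 of the same year. Network services such as online multiplayer and social sharing will also stop on the same day. In the meantime, users can download free of charge 4 of about 10 related games, including Mario and Pokémon titles. The free download service begins on the morning of November 27 and is expected to run until May 15, 2026.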
Antibiotic use is growing in middle-income countries
1 year 4 months ago
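Antibiotic resistance is increasingly a major global health risk. A study published in the journal PNAS examined antibiotic consumption trends in 67 countries between 2016 and 2023 and found that total consumption rose 16.3% over the period, from 29.5 billion DDDs to 34.3 billion DDDs (DDD stands for defined daily doses). The average antibiotic consumption rate rose 10.6%, from 13.7 DDDs to 15.2 DDDs per 1,000 inhabitants per day. The consumption rate in middle-income countries (including lower-middle-income countries and lower-middle-income countries) grew 18.6%, while the rate in high-income countries fell 4.9%. The COVID-19 pandemic had a significant effect: consumption dropped sharply in 2020, particularly in high-income countries (-17.8%), and then rebounded in middle-income countries. The countries with the largest increases in antibiotic consumption were middle-income countries, particularly lower-middle-income countries such as Vietnam, where consumption more than doubled, as well as lower-middle-income countries such as Thailand and Central America.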
CVE-2024-53732 | WP WOX Footer Flyout Widget Plugin up to 1.1 on WordPress cross-site request forgery
1 year 4 months ago
A vulnerability was found in WP WOX Footer Flyout Widget Plugin up to 1.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-53732. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-53737 | WP Mailster Plugin up to 1.8.16.0 on WordPress cross site scripting
1 year 4 months ago
A vulnerability has been found in WP Mailster Plugin up to 1.8.16.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-53737. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-53733 | Rohit Harsh Fence URL Plugin up to 2.0.0 on WordPress cross site scripting
1 year 4 months ago
A vulnerability, which was classified as problematic, was found in Rohit Harsh Fence URL Plugin up to 2.0.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-53733. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-53731 | Fintelligence Calculator Plugin up to 1.0.3 on WordPress cross site scripting
1 year 4 months ago
A vulnerability, which was classified as problematic, has been found in Fintelligence Calculator Plugin up to 1.0.3 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-53731. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11402 | WP-speedup Block Editor Bootstrap Blocks Plugin up to 6.6.1 on WordPress cross site scripting
1 year 4 months ago
A vulnerability classified as problematic was found in WP-speedup Block Editor Bootstrap Blocks Plugin up to 6.6.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-11402. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-53734 | Idealien Studios Idealien Category Enhancements Plugin up to 1.2 on WordPress cross-site request forgery
1 year 4 months ago
A vulnerability classified as problematic has been found in Idealien Studios Idealien Category Enhancements Plugin up to 1.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2024-53734. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-52490 | Pathomation Plugin up to 2.5.1 on WordPress unrestricted upload
1 year 4 months ago
A vulnerability was found in Pathomation Plugin up to 2.5.1 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload.
This vulnerability is handled as CVE-2024-52490. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-53736 | Jason Grim Custom Shortcode Sidebars Plugin up to 1.2 on WordPress cross-site request forgery
1 year 4 months ago
A vulnerability was found in Jason Grim Custom Shortcode Sidebars Plugin up to 1.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2024-53736. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-52475 | Automation Web Platform Wawp Plugin up to 3.0.17 on WordPress authentication bypass
1 year 4 months ago
A vulnerability was found in Automation Web Platform Wawp Plugin up to 3.0.17 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to authentication bypass using alternate channel.
This vulnerability is traded as CVE-2024-52475. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8308 | Siempelkamp UmweltOffice up to 7.4.2 HTTP Request sql injection
1 year 4 months ago
A vulnerability was found in Siempelkamp UmweltOffice up to 7.4.2 and classified as critical. This issue affects some unknown processing of the component HTTP Request Handler. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2024-8308. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11620 | Rank Math SEO Plugin up to 1.0.231 on WordPress code injection
1 year 4 months ago
A vulnerability has been found in Rank Math SEO Plugin up to 1.0.231 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to code injection.
This vulnerability was named CVE-2024-11620. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-52498 | Softpulse Infotech SP Blog Designer Plugin up to 1.0.0 on WordPress path traversal
1 year 4 months ago
A vulnerability, which was classified as problematic, was found in Softpulse Infotech SP Blog Designer Plugin up to 1.0.0 on WordPress. This affects an unknown part. The manipulation leads to path traversal: '.../...//'.
This vulnerability is uniquely identified as CVE-2024-52498. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-52474 | TriIncom Express Payments Module Plugin up to 1.1.8 on WordPress sql injection
1 year 4 months ago
A vulnerability, which was classified as critical, has been found in TriIncom Express Payments Module Plugin up to 1.1.8 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to sql injection.
This vulnerability is handled as CVE-2024-52474. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-52495 | Eniture Technology Distance Based Shipping Calculator Plugin up to 2.0.21 on WordPress sql injection
1 year 4 months ago
A vulnerability classified as critical was found in Eniture Technology Distance Based Shipping Calculator Plugin up to 2.0.21 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection.
This vulnerability is known as CVE-2024-52495. The attack can be launched remotely. There is no exploit available.
vuldb.com