Aggregator

Zero Networks Lands $55M Series C to Drive Zero Trust Growth

Ransomware DataBreachToday.com
3 months ago
Florida Vendor Set to Reach $100M ARR by 2027 With Identity Segmentation, ZTNA Push
With $55 million in Series C funding led by Highland Europe, Zero Networks aims to expand its zero trust architecture through identity segmentation and zero trust network access. The Orlando, Fla.-based microsegmentation startup aims to double headcount and target a $100 million ARR goal by 2027.

Unpatched Buffer Overflow in Schneider Home Devices

Ransomware DataBreachToday.com
3 months ago
Vulnerability Could Enable Remote Code Injection Attacks
When the lights start flickering in homes equipped with Schneider Electric end-of-life smart switches, it could be hackers, now that the French company disclosed a remotely exploitable vulnerability that won't receive a patch. No hacking has been reported to date.

LockBit Crackdown Fragmented Russian Cybercrime Groups

Ransomware DataBreachToday.com
3 months ago
Onslought Also Paved Way for Rise of English-Speaking Hackers
An international law enforcement crackdown on the LockBit ransomware group caused fragmentation and distrust among Russian-speaking cybercrime groups, paving the way for English-speaking hacking groups to gain prominence, experts said Tuesday during a London conference.

OffensiveCon25 – Garbage Collection In V8

Security Boulevard
3 months ago

Authors/Presenters: Richard Abou Chaaya and John Stephenson

Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending the OffensiveCon 25 conference.

Permalink

The post OffensiveCon25 – Garbage Collection In V8 appeared first on Security Boulevard.

Marc Handelman

CVE-2024-39722: Ollama 模型/文件存在性漏洞成因探究及完整利用过程

先知技术社区
3 months ago
此漏洞源于 Ollama 处理 `/api/push` API 请求时对用户提供的模型名称缺乏充分的验证和清理。当用户尝试推送一个模型时,Ollama 服务器会检查该模型是否存在。如果模型名称被构造成一个文件路径(例如,使用路径遍历序列如 `../../..`),服务器的响应(或缺乏错误响应)可以间接揭示该路径在服务器上是否有效。文章详细解释了漏洞的原理以及从爬取模型信息到分析响应的利用过程。

CVE-2022-34706 | Microsoft Windows up to Server 2022 Local Security Authority privilege escalation (EUVD-2022-37656)

Vuldb Updates
3 months ago
A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Local Security Authority. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2022-34706. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2017-7061 | Apple Safari up to 10.1.1 WebKit memory corruption (HT207921 / EDB-42666)

Vuldb Updates
3 months ago
A vulnerability classified as critical has been found in Apple Safari up to 10.1.1. Affected is an unknown function of the component WebKit. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2017-7061. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-48432 | Django up to 4.2.21/5.1.9/5.2.1 neutralization for logs (EUVD-2025-16951)

VulDB Recent Entries
3 months ago
A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1. Affected is an unknown function. The manipulation leads to improper output neutralization for logs. This vulnerability is traded as CVE-2025-48432. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-3054 | WP User Frontend Pro Plugin up to 4.1.3 on WordPress upload_files unrestricted upload (EUVD-2025-16962)

VulDB Recent Entries
3 months ago
A vulnerability, which was classified as critical, has been found in WP User Frontend Pro Plugin up to 4.1.3 on WordPress. This issue affects the function upload_files. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2025-3054. The attack may be initiated remotely. There is no exploit available.
vuldb.com

Managed ad