Aggregator

CVE-2024-35177 | Wazuh up to 4.8.x on Windows rsync.dll access control (Nessus ID 216199)

4 months 4 weeks ago

A vulnerability, which was classified as critical, was found in Wazuh up to 4.8.x on Windows. This impacts an unknown function in the library rsync.dll. The manipulation results in improper access controls. This vulnerability is cataloged as CVE-2024-35177. The attack must be initiated from a local position. There is no exploit available. You should upgrade the affected component.

vuldb.com

CVE-2024-47770 | Wazuh up to 4.9.0 privileges management (Nessus ID 216199)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in Wazuh up to 4.9.0 and classified as critical. Affected by this vulnerability is an unknown functionality. Such manipulation leads to improper privilege management. This vulnerability is documented as CVE-2024-47770. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2024-52875 | GFI Kerio Control up to 9.2.5 GET Parameter response splitting (KIS-2024-07)

Vuldb Updates

4 months 4 weeks ago

A vulnerability categorized as critical has been discovered in GFI Kerio Control up to 9.2.5. Impacted is an unknown function of the component GET Parameter Handler. The manipulation results in http response splitting. This vulnerability is cataloged as CVE-2024-52875. The attack may be launched remotely. Furthermore, there is an exploit available. Applying a patch is advised to resolve this issue.

vuldb.com

BreachForums administrator given three-year prison stint after resentencing

The Record

4 months 4 weeks ago

Conor Fitzpatrick, aka BreachForums founder "pompompurin," will spend three years in prison after a court vacated an earlier decision to set him free on supervised release.

CVE-2025-43354 | Apple watchOS up to 18.2 App information disclosure (EUVD-2025-29307)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in Apple watchOS. It has been classified as problematic. This issue affects some unknown processing of the component App. Performing manipulation results in information disclosure. This vulnerability was named CVE-2025-43354. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-43354 | Apple iOS/iPadOS up to 18.7 App information disclosure (EUVD-2025-29307)

Vuldb Updates

4 months 4 weeks ago

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS. Affected by this issue is some unknown functionality of the component App. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-43354. Attacking locally is a requirement. No exploit is available. You should upgrade the affected component.

vuldb.com

CVE-2025-43354 | Apple tvOS up to 18.4 App information disclosure (EUVD-2025-29307)

Vuldb Updates

4 months 4 weeks ago

A vulnerability has been found in Apple tvOS and classified as problematic. This affects an unknown part of the component App. This manipulation causes information disclosure. This vulnerability is handled as CVE-2025-43354. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2025-43354 | Apple visionOS up to 18.4 App information disclosure (EUVD-2025-29307)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in Apple visionOS up to 18.4 and classified as problematic. This vulnerability affects unknown code of the component App. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-43354. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-43315 | Apple macOS up to 14.7/15.6 App information disclosure (EUVD-2025-29310)

Vuldb Updates

4 months 4 weeks ago

A vulnerability, which was classified as problematic, has been found in Apple macOS up to 14.7/15.6. Affected is an unknown function of the component App. Performing manipulation results in information disclosure. This vulnerability was named CVE-2025-43315. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

Mydata

Dark Feed IO

4 months 4 weeks ago

You must login to view this content

cohenido

幻影|一款漏洞挖掘的浏览器扩展辅助工具|收集中的隐藏接口和敏感信息

先知技术社区

4 months 4 weeks ago

一款面向 SRC 场景的浏览器插件，自动收集页面及相关资源中的敏感信息与可疑线索，支持基础扫描、深度递归扫描、批量 API 测试及结果导出与自定义正则配置。可以帮助用户高效的测试api接口与探测目录

'SlopAds' Fraud Campaign Uses Novel Obfuscation Techniques

Ransomware DataBreachToday.com

5 months ago

Steganography, Mobile Marketing Attribution, Code Obfuscation Deployed for Ad Fraud
A cybercrime crew using Android mobile apps to conduct advertising fraud took unusual pains to hide its activity, concealing malicious code in downloadable digital images and holding off from infecting the subset of users who organically found their apps through the Google Play store.

Scattered Spider Tied to Fresh Attacks on Financial Services

Ransomware DataBreachToday.com

5 months ago

Recent, Targeted Attacks Suggest Undercut Group's Claimed 'Going Dark' Retirement
Elements of the notorious ransomware collective lately calling itself Scattered Lapsus$ Hunters appear to be targeting fresh victims, including a U.S. banking organization if not the sector at large, despite a member of the group claiming it would be "going dark" and retiring.

Jaguar Land Rover Extends Production Halt

Ransomware DataBreachToday.com

5 months ago

Economic Losses of Carmaker, Suppliers Piling Up
British auto manufacturer Jaguar Land Rover will extend a production pause until late September as it enters its third week of contending with a cyber incident that forced it to shut down assembly lines across the globe.

DEF CON 33: Illumicon

Security Boulevard

5 months ago

Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 33: Illumicon appeared first on Security Boulevard.

Marc Handelman

大模型改击与传统攻击的进化图增(一)

先知技术社区

5 months ago

虽然大模型安全攻击的目标是模型的“认知”过程（理解、推理、生成），而传统攻击更多针对的是程序的执行流程、数据存储和网络通信，但许多底层的攻击哲学和策略是相通的。它们都涉及理解系统的工作原理，寻找其薄弱环节，并通过精心设计的输入或交互来操纵系统，使其偏离预期轨道，服务于攻击者的目的

Brain Cipher

Dark Feed IO

5 months ago

You must login to view this content

cohenido

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs

CyberScoop

5 months ago

The tech giant doesn’t provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack.

The post Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs appeared first on CyberScoop.

Matt Kapko

Раскрыта тайна «пятого элемента»: астрономы нашли виновника аномального «креста Эйнштейна»

Securitylab.ru

5 months ago

Астрономы нашли то, что скрывалось от глаз миллиарды лет.

CVE-2025-30075 | Alludo MindManager up to 25.0.207 on Windows uncontrolled search path

VulDB Recent Entries

5 months ago

A vulnerability marked as problematic has been reported in Alludo MindManager up to 25.0.207 on Windows. This issue affects some unknown processing. This manipulation causes uncontrolled search path. The identification of this vulnerability is CVE-2025-30075. The attack can only be executed locally. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

Aggregator

Managed ad