Aggregator

A vulnerability was found in sveltejs svelte up to 4.2.18 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-45047. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Red Hat Enterprise Linux 6/7/8/9 and classified as problematic. This vulnerability affects unknown code of the component libvirt. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-8235. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as critical, was found in SeaCMS 13.1. This affects an unknown part of the file admin_ip.php. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-44916. It is possible to initiate the attack remotely. There is no exploit available.

Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. [...]

The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control.

За полтора года разработки проект завоевал сердца тысяч программистов.

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Stranded’ appeared first on Security Boulevard.

De defensieministers uit de Europese Unie kwamen vandaag in Brussel bijeen voor de informele Raad Buitenlandse Zaken Defensie. Ze spraken vooral over de steun aan Oekraïne. Minister Ruben Brekelmans nam voor het eerst deel. Brekelmans benadrukte dat Nederland Oekraïne onverminderd blijft steunen, voor zo lang als dat nodig is.

Что мешает основателю Telegram покинуть страну на собственном джете?

Submit #400440 / VDB-241254

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution (RCE) in the Chromium renderer process. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet, a North Korean threat actor that commonly targets the cryptocurrency sector for financial gain.

The post North Korean threat actor Citrine Sleet exploiting Chromium zero-day appeared first on Microsoft Security Blog.

Загадочный форк может стать ключом к новой эре программного обеспечения.

[SecData#3] 大模型定向测试输入生成数据集 by ourren

网络空间作战装备技术发展现状及趋势分析 by ourren

Java内存马 Filter调用链分析 by ourren

研发技能表 V4.0 by ourren

更多最新文章，请访问SecWiki

The Early Days: Basic Asset Management While it was not called ASM, the concept of managing attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain [...]

The post Evolution of Attack Surface Management appeared first on Wallarm.

The post Evolution of Attack Surface Management appeared first on Security Boulevard.

Поддельный Pao Alto GlobalProtect заражает корпоративные системы.

美国新罕布什尔州一人死于蚊媒病毒东部马脑炎，马萨诸塞州卫生官员警告称，多个州已发现该疾病，10 个县面临高度或严重风险。

The software verification and validation efforts helps NASA improve the safety and cost-effectiveness of its mission-critical software. Cybersecurity is now part of the evaluation.