Aggregator

近期，一起重大的供应链攻击事件导致至少16个Chrome浏览器扩展程序被黑客入侵，暴露了超过60万用户的数据。攻击者通过钓鱼信息针对Chrome网上应用店的扩展程序发布者，一旦获得账户访问权限，便在扩

Author:(1) Laurence Francis Lacey, Lacey Solutions Ltd, Skerries, County Dublin, Ireland.Editor'

Киберугрозы и инциденты, поделившие мир на «до» и «после».

Trend Micro has addressed six high-severity vulnerabilities in its Apex One and Apex One as a Service product, which could allow attackers to escalate privileges on affected Windows systems. These vulnerabilities were disclosed under the Common Vulnerabilities and Exposures (CVE) system and have been resolved in the latest builds released by Trend Micro. The vulnerabilities could potentially allow local […]

The post Trend Micro Apex One Vulnerabilities Let Escalate Privilege appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Microsoft Windows and classified as critical. This issue affects some unknown processing of the component Kernel. The manipulation leads to integer underflow. The identification of this vulnerability is CVE-2023-28293. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

可能出乎很多人的意料，正面临被 Wayland 取代的 X.Org Server 项目，其开发活跃度达到了 10 年来的最高水平。X.Org Server 在 2024 年共收到 708

可能出乎很多人的意料，正面临被 Wayland 取代的 X.Org Server 项目，其开发活跃度达到了 10 年来的最高水平。X.Org Server 在 2024 年共收到 708 次 commits，过去十年这一数字仅次于 2014 年的 952 次。2024 年 X.Org Server 增加了 11,998 行新代码，删除了 14,680 行代码，远高于过去几年 5~6k 行的代码变更。X.Org Server 的开发主要围绕着 XWayland 项目，以及开发者 Enrico Weigelt 以一己之力对项目的维护工作，他一个人的 commits 就占到了总数的 63%。

A vulnerability classified as problematic was found in DDSN Cm3 Acora Content Management System. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2013-4727. The attack can be launched remotely. Furthermore, there is an exploit available.

12月31日，法国多个城镇和省份的网站无法访问。此前，一个黑客团体声称发动网络攻击，以报复法国支持乌克兰。

Cybersecurity researchers have discovered a malicious package on the npm package registry that masq

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user

error code: 521

作者：Nicolas Grislain 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2412.19291v1#Sx4 摘要 检索增强生成（Retrieval-Augmented Generation, RAG）已成为为大型语言模型（Large Language Models, LLM）提供最新且相关上下文的主流技术。这一技术可以缓解模型生成不准确...

A vulnerability, which was classified as critical, has been found in Trlinux Postaci Webmail 1.1.3. Affected by this issue is some unknown functionality of the file /includes/global.inc of the component GET Request Handler. The manipulation leads to information disclosure (Password). This vulnerability is handled as CVE-2000-1100. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Sun Solaris 2.4. It has been classified as problematic. This affects an unknown part of the component Coredump. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-1999-1413. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cyber Espionage / HackingGerman prosecutors have charged three Russian-German nationals for acting

German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.

A vulnerability classified as problematic was found in IP3 IP3 Netaccess 75. Affected by this vulnerability is an unknown functionality. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2006-2043. Local access is required to approach this attack. Furthermore, there is an exploit available.

Hello there, not so long ago I published a post about Cyberbro, a FOSS tool

Накрутка рейтинга приводит к распространению вредоносного ПО.