Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs
Microsoft warns of a WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control systems.
Aggregator
Residential proxies evaded IP reputation checks in 78% of 4B sessions
2 months 3 weeks ago
Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. [...]
Bill Toulas
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
2 months 3 weeks ago
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This
The Hacker News
ALP001
2 months 3 weeks ago
You must login to view this content
cohenido
DragonForce
2 months 3 weeks ago
You must login to view this content
cohenido
DragonForce
2 months 3 weeks ago
You must login to view this content
cohenido
Medtech giant Stryker says it’s back up after Iranian cyberattack
2 months 3 weeks ago
The Handala group claimed responsibility for hitting the company with a wiper attack last month.
The post Medtech giant Stryker says it’s back up after Iranian cyberattack appeared first on CyberScoop.
Tim Starks
WorldLeaks
2 months 3 weeks ago
You must login to view this content
cohenido
Software supply chain hacks trigger wave of intrusions, data theft
2 months 3 weeks ago
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply chain attacks (linked to TeamPCP). “This could enable further software supply chain attacks, software as a service (SaaS) environment compromises (leading to downstream customer compromises), ransomware and extortion events, and cryptocurrency theft over the near term,” … More →
The post Software supply chain hacks trigger wave of intrusions, data theft appeared first on Help Net Security.
Zeljka Zorz
New Dark Web Entity Threat Market Targets Lockheed Martin
2 months 3 weeks ago
You must login to view this content
cohenido
Threat Market New Threat Actor
2 months 3 weeks ago
You must login to view this content
cohenido
Apple security advisory (AV26-275) - Update 1
2 months 3 weeks ago
Canadian Centre for Cyber Security
亚马逊洽谈收购 Globalstar 以挑战 Starlink
2 months 3 weeks ago
亚马逊正在洽谈收购 Globalstar 以帮助它与 SpaceX 的 Starlink 宽带卫星星座展开竞争。苹果持有 Globalstar 五分之一的股份,因此亚马逊和苹果需要展开谈判,增加了交易的复杂性。双方的磋商可能会破裂,无法达成任何协议。Globalstar 成立于 1991 年,受收购传闻的推动,周三市值达到 90 亿美元。苹果是在 2024 年向 Globalstar 投资 15 亿美元从而拥有 20% 股份。
CVE-2024-44003 | spicethemes Spice Starter Sites Plugin up to 1.2.5 on WordPress cross site scripting
2 months 3 weeks ago
A vulnerability classified as problematic has been found in spicethemes Spice Starter Sites Plugin up to 1.2.5 on WordPress. This vulnerability affects unknown code. This manipulation causes cross site scripting.
This vulnerability is registered as CVE-2024-44003. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2024-44005 | Wpsoul Greenshift Plugin up to 9.3.7 on WordPress cross site scripting
2 months 3 weeks ago
A vulnerability classified as problematic was found in Wpsoul Greenshift Plugin up to 9.3.7 on WordPress. This issue affects some unknown processing. Such manipulation leads to cross site scripting.
This vulnerability is documented as CVE-2024-44005. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2024-45453 | Maintenance Redirect Plugin up to 2.0.1 on WordPress Maintenance Mode access control
2 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Maintenance Redirect Plugin up to 2.0.1 on WordPress. The impacted element is an unknown function of the component Maintenance Mode. Executing a manipulation can lead to improper access controls.
This vulnerability appears as CVE-2024-45453. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2024-44048 | wpWax Product Carousel Slider & Grid Ultimate for WooCommerce Plugin path traversal
2 months 3 weeks ago
A vulnerability categorized as critical has been discovered in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce Plugin up to 1.9.10 on WordPress. Impacted is an unknown function. Executing a manipulation can lead to path traversal.
This vulnerability is tracked as CVE-2024-44048. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2024-43989 | Firsh Justified Image Grid Plugin up to 4.6.1 on WordPress server-side request forgery
2 months 3 weeks ago
A vulnerability labeled as critical has been found in Firsh Justified Image Grid Plugin up to 4.6.1 on WordPress. The impacted element is an unknown function. The manipulation results in server-side request forgery.
This vulnerability is cataloged as CVE-2024-43989. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-47303 | Livemesh Addons for Elementor Plugin up to 8.5 on WordPress cross site scripting
2 months 3 weeks ago
A vulnerability was found in Livemesh Addons for Elementor Plugin up to 8.5 on WordPress. It has been classified as problematic. This affects an unknown function. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2024-47303. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2024-43237 | TaxoPress Tag Cloud Plugin up to 2.0.3 on WordPress information disclosure
2 months 3 weeks ago
A vulnerability identified as problematic has been detected in TaxoPress Tag Cloud Plugin up to 2.0.3 on WordPress. This issue affects some unknown processing. Performing a manipulation results in information disclosure.
This vulnerability is cataloged as CVE-2024-43237. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com