Aggregator

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

Chainguard announced Chainguard VMs, a new product line offering minimal, zero-CVE virtual machine images built entirely from source. Purpose-built for modern, ephemeral workloads in the cloud, Chainguard VMs represent a stark contrast to the legacy, general-purpose VMs that dominate the market today. Chainguard VMs are guarded container host images, which offer a cloud-agnostic, threat-resistant environment for deploying and running containers. Chainguard VMs will help enterprises reduce costly engineering toil associated with container host maintenance and … More →

The post Chainguard VMs reduces risk and engineering complexity appeared first on Help Net Security.

Цена атаки упала в десятки раз – теперь ваш аккаунт стоит как чашка кофе.

新型SectopRAT木马武器化Cloudflare验证系统，通过伪造CAPTCHA攻击Windows用户，窃取敏感数据并建立持久后门。企业感染率激增，传统安全方案难检测。

A vulnerability, which was classified as very critical, was found in MLflow 1.1.0. This affects an unknown part. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-37053. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Gradio and classified as critical. This vulnerability affects unknown code. The manipulation of the argument GITHUB_TOKEN/HF_TOKEN/VERCEL_ORG_ID/VERCEL_PROJECT_ID/COMMENT_TOKEN/AWSACCESSKEYID/AWSSECRETKEY/VERCEL_TOKEN leads to improper authorization. This vulnerability was named CVE-2024-4254. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in MLflow 1.1.0 and classified as very critical. This issue affects some unknown processing. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-37052. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in MLflow 0.9.0. It has been classified as very critical. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-37054. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Newsletter Plugin up to 8.3.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument np1 leads to cross site scripting. This vulnerability is known as CVE-2024-5317. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Wow-Company Easy Digital Downloads Plugin up to 1.0.2 on WordPress. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2024-35629. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in WPvivid Backup for MainWP Plugin up to 0.9.32 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-35664. The attack can be initiated remotely. There is no exploit available.

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a

A vulnerability classified as problematic has been found in Synametrics Xeams up to 4.5 Build 5755. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2015-3141. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

BrowserStack launched Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements. Private Devices offers exclusive access to customized real devices housed in secure data centers, enabling persistent configurations and advanced testing capabilities without compromising on security or performance. This new offering complements BrowserStack’s comprehensive testing platform, which currently serves over 50,000 customers globally. “With Private Devices, we’re addressing the critical needs of enterprise customers who require … More →

The post BrowserStack Private Devices helps organizations comply with stringent security requirements appeared first on Help Net Security.

Какие испытания пришлись на век легендарной релятивистской установки.

Ошибка раскрывает секреты более 3400 серверов через сеть.

Киберпреступники нарушили работу одного из крупнейших поставщиков мяса в регионе.

Cyberhaven announced a major enhancement to its Linea AI platform with the introduction of advanced content understanding capabilities powered by frontier AI models. This enables Linea AI to intelligently analyze and contextualize all forms of content, including complex visual data, marking a significant advance beyond traditional content inspection approaches used in data security. “While traditional security tools rely on basic pattern matching like looking for a 16-digit number to identify credit cards, we’re bringing true … More →

The post Cyberhaven enhances Linea AI platform to improve data security appeared first on Help Net Security.

A vulnerability was found in Brave Popup Builder Plugin up to 0.6.8 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-35655. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Themesflat Addons for Elementor Plugin up to 2.1.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-35666. It is possible to launch the attack remotely. There is no exploit available.