Aggregator

A vulnerability has been found in ImageInject Plugin on WordPress and classified as problematic. This vulnerability affects unknown code of the component TODO Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2022-4243. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Dahua DSS Professional, DSS Express, DHI-DSS7016D-S2, DHI-DSS7016DR-S2 and DHI-DSS4004-S2. This affects an unknown part of the component Packet Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-45431. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Dauha DSS Professional, DSS Express, DHI-DSS7016D-S2, DHI-DSS7016DR-S2 and DHI-DSS4004-S2. This issue affects some unknown processing of the component Packet Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-45430. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Dahua DSS Professional, DSS Express, DHI-DSS7016D-S2, DHI-DSS7016DR-S2 and DHI-DSS4004-S2. Affected is an unknown function. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2022-45429. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in robbert229 JWT. This affects an unknown part of the component HMAC Comparison. The manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2015-10004. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in gorilla handlers. This vulnerability affects unknown code. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2017-20146. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Cloudflare golz4. This affects an unknown part of the component LZ4 Binding Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2014-125026. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Cloud Foundry archiver. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2018-25046. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in btcsuite go-socks. It has been declared as critical. This vulnerability affects the function RemoteAddr/LocalAddr. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2013-10005. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A critical vulnerability in NVIDIA’s Container Toolkit, CVE-2024-0132, remains exploitable due to an incomplete patch, endangering AI infrastructure and sensitive data. Coupled with a newly discovered denial-of-service (DoS) flaw in Docker on Linux, these issues could allow attackers to breach systems, steal proprietary AI models, or disrupt operations. Organizations using these tools for AI or […]

The post NVIDIA’s Incomplete Patch for Critical Flaw Lets Attackers Steal AI Model Data appeared first on Cyber Security News.

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search engine results, pushing malicious websites to the top where unsuspecting users are likely to click. In recent years, this tactic, often known as SEO poisoning or black hat SEO, has seen cybercriminals hijack the reputation of legitimate websites to promote […]

The post Threat Actors Manipulate Search Results to Lure Users to Malicious Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

vuluhub靶机：The Planets: Earth

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the Google Play Store to distribute Android malware. These websites, hosted on newly registered domains, create a façade of credible application installation pages, enticing victims with downloads that appear legitimate, including apps like Google Chrome. The sites are engineered with features […]

The post Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

经请示公安部刑侦局负责同志同意，中国刑事科学技术协会定于2025年5月6日至12日在海南省琼海市举办“打击防范电信网络诈骗犯罪培训班”。

【好消息】之前发布预订的【资料】开源情报企业/智库名录（2025）已经交由成都欧深特公司组织印刷完毕，本次印刷得到两家开源情报企业慷慨赞助，故可免费提供1本给需要的用户。

Запутанность частиц оказалась не философией, а рабочим инструментом для изучения адронизации.

Как простое движение превратилось в повод переписать учебники математики.

Hackers are exploiting what’s known as “Dangling DNS” records to take over corporate subdomains, posing significant threats to organizations’ security frameworks. This attack vector has been increasingly noted by security teams, highlighting the need for constant vigilance in DNS configuration management. A New Threat Landscape Subdomain takeovers occur when a misconfigured or unused subdomain’s DNS […]

The post Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware, signaling its resurgence with attacks targeting Windows, Linux, and ESXi environments. HelloKitty ransomware, initially appearing in October 2020 as a fork of DeathRansom, has evolved significantly in its encryption methods. The ransomware now embeds an RSA-2048 public key, which is […]

The post HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of industries across the globe. In March 2025, this group alone managed to compromise 84 organizations, while new groups like Arkana and CrazyHunter have introduced sophisticated tools and strategies to intensify ransomware attacks. Sophistication in Attack Methods Ransomware groups in March […]

The post RansomHub Ransomware Group Hits 84 Organizations as New Threat Actors Emerge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.