Aggregator

Псы-киборги против военных тоннелей КНДР.

科技媒体 bleepingcomputer 昨日（3 月 17 日）发布博文，报道称微软安全团队最新发现一种名为 StilachiRAT 的新型远程访问木马（RAT），该恶意软件通过高级技术逃避检测、维持持久性并窃取敏感数据。 IT之家援引博文介绍，尽管当前传播范围有限，微软仍提前公开威胁指标与防御建议，协助网络安全人员降低潜在危害。目前尚未确认该恶意软件的幕后攻击者或地理来源。 StilachiRAT 木马通过 WWStartupCtrl64.dll 模块，扫描 Coinbase、Metamask 等 20 种加密货币钱包扩展，获取数字钱包数据。 此外，该木马还会提取 Chrome 浏览器保存的凭证，监控剪贴板中的密码和加密货币密钥，记录系统硬件信息及活跃的远程桌面协议（RDP）会话。 该木马会收集摄像头状态、GUI 应用运行情况，构建目标系统画像以定位高价值攻击目标，该木马还会通过克隆用户安全令牌伪装登录身份，可突破 RDP 服务器的管理员会话限制，在受害网络内横向渗透。 该木马以独立进程或 Windows 服务形式部署后，绑定 **Windows 服务控制管理器（SCM）** 持久化，利用“看门狗线程”监控自身进程，若被终止将自动重建。 转自IT之家，原文链接：https://www.ithome.com/0/838/701.htm 封面来源于网络，如有侵权请联系删除

A vulnerability classified as problematic was found in lemonldap-ng. This vulnerability affects unknown code of the component FIDO2 Enrollment Page. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-52948. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet’s FortiOS and FortiProxy systems, which threat actors are actively exploiting. The authentication bypass vulnerability, tracked as CVE-2025-24472, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in ransomware campaigns. […]

The post CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability Exploited in Wild appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in Paul Ryley Site Reviews Plugin up to 7.2.4 on WordPress. This affects an unknown part of the component Review Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-1232. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Shearwater SecurEnvoy SecurAccess Enrol up to 9.4.514. It has been rated as critical. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation leads to external control of assumed-immutable web parameter. This vulnerability is handled as CVE-2025-30236. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Shearwater SecurEnvoy SecurAccess Enrol up to 9.4.514. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to race condition. This vulnerability is known as CVE-2025-30235. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MNX SmartOS 60f76fd2-143f-4f57-819b-1ae32684e81b. It has been classified as critical. Affected is an unknown function of the component SSH Key. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2025-30234. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Synology Drive Server and classified as critical. This issue affects some unknown processing of the component WebAPI. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2024-50630. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Synology DiskStation Manager, Unified Controller and BeeStation Manager and classified as problematic. This vulnerability affects unknown code of the component WebAPI. The manipulation leads to escaping of output. This vulnerability was named CVE-2024-50629. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in PX-lab BoomBox Theme Extensions up to 1.8.0 on WordPress. This affects the function boombox_ajax_reset_password. The manipulation leads to weak password recovery. This vulnerability is uniquely identified as CVE-2024-12295. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Synology Drive Server. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-50631. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in chrisbadgett LifterLMS Plugin up to 8.0.1 on WordPress. Affected by this vulnerability is the function delete_access_plan. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-2290. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in ThemeGoods Altair Plugin up to 5.2.4 on WordPress. Affected is an unknown function of the file functions.php of the component User Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-12922. It is possible to launch the attack remotely. There is no exploit available.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In February, Fortinet warned that threat actors were exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in […]

Schneider Electricが提供する複数の製品には、複数の脆弱性が存在します。

Rockwell Automationが提供する複数の製品には、複数の脆弱性が存在します。

A vulnerability, which was classified as problematic, has been found in Bootstrap up to 4.6.2. This issue affects some unknown processing of the component Attribute Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-6531. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Bootstrap up to 3.4.1. Affected is an unknown function of the component Button Plugin. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-6485. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Blubrry PowerPress Podcasting Plugin up to 11.9.10 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument media_url leads to cross site scripting. This vulnerability is handled as CVE-2024-6588. The attack may be launched remotely. There is no exploit available.