Aggregator

CVE-2025-49619 | Skyvern up to 0.1.85 Jinja block.py special elements used in a template engine (EUVD-2025-17375 / EDB-52335)

Vuldb Updates
5 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Skyvern up to 0.1.85. This issue affects some unknown processing of the file sdk/workflow/models/block.py of the component Jinja Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The identification of this vulnerability is CVE-2025-49619. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Anubis Ransomware Adds Wiper Capability, for Unclear Reasons

DataBreachToday.com
5 months 4 weeks ago
Move Raises Possibility Group Isn't Just Marketing Its Malware to Criminals
Up-and-coming ransomware group Anubis has tweaked its malware to irrevocably wipe victims' data - an unusual tactic from hackers whose typical corrupt bargain is restored data in exchange for extortion money. Why would a ransomware attacker seeking leverage in negotiations ever do this?

Scattered Spider Targeting American Insurance Firms

DataBreachToday.com
5 months 4 weeks ago
Hackers Posing as Help Desks and Call Centers to Target Victims, Google Warns
A hacking collective behind recent cyberattacks on major British retailers has pivoted to target U.S. insurance firms, warned Google. Scattered Spider, tracked as UNC3944 by Google, is a financially motivated threat group consisting largely of English-speaking adolescents.

$5.48M Lawsuit Settlement Reached in Software Vendor Hack

DataBreachToday.com
5 months 4 weeks ago
Several Affected HealthEC Healthcare Clients Are Chipping in to Fund Settlement
A provider of artificial intelligence-enabled hospital cost-cutting software and several of its healthcare clients agreed to $5.48 million to settle proposed class action litigation involving a 2023 hacking incident affecting 4.6 million individuals.

Malicious PyPI Package Targets Developer Credentials

DataBreachToday.com
5 months 4 weeks ago
JFrog uncovers multi-stage malware harvesting cloud secrets
Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.

Report: Next-Gen 911 Systems are Outpacing Cyber Defenses

DataBreachToday.com
5 months 4 weeks ago
Research Shows Next-Generation 9-1-1 Ecosystems Lack Critical Cyber Protections
A report from telecom firm Intrado warns that cybersecurity safeguards are lagging behind the rapid deployment of next-generation 911 systems, exposing the emergency ecosystem to attacks ranging from VoIP floods to ransomware amid growing reliance on cloud-based and IP-connected technologies.

Nightingale: A comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment

Penetration Testing Tools - Metepreter.org
5 months 4 weeks ago

Docker for Pentesters Docker containerization is the most powerful technology in the current market so I came up with the idea to develop Docker images for Pentesters. Nightingale contains all the required well-known tools...

The post Nightingale: A comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment appeared first on Penetration Testing Tools.

ddos

INC

Dark Feed IO
5 months 4 weeks ago

You must login to view this content

cohenido

Weekly Report: 複数のマイクロソフト製品に脆弱性

統合版 JPCERT/CC
5 months 4 weeks ago
複数のマイクロソフト製品には、脆弱性があります。マイクロソフトは、今回修正された一部の脆弱性を悪用する攻撃をすでに確認しているとのことです。この問題は、Microsoft Updateなどを用いて、更新プログラムを適用することで解決します。詳細は、開発者が提供する情報を参照してください。

CVE-2017-7004 | Apple macOS 10.12.3 Userspace Entitlement race condition (EDB-42145 / Nessus ID 100270)

Vuldb Updates
5 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Apple macOS 10.12.3. This issue affects some unknown processing of the component Userspace Entitlement. The manipulation leads to race condition. The identification of this vulnerability is CVE-2017-7004. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-49738 | WWBN AVideo 15fed957fb HTTP Request image404Raw.php file inclusion (TALOS-2023-1881 / EUVD-2023-53661)

Vuldb Updates
5 months 4 weeks ago
A vulnerability was found in WWBN AVideo 15fed957fb. It has been classified as problematic. Affected is an unknown function of the file image404Raw.php of the component HTTP Request Handler. The manipulation leads to file inclusion. This vulnerability is traded as CVE-2023-49738. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2023-49864 | WWBN AVideo 15fed957fb HTTP Request aVideoEncoderReceiveImage.json.php downloadURL_image file inclusion (TALOS-2023-1880 / EUVD-2023-53772)

Vuldb Updates
5 months 4 weeks ago
A vulnerability classified as problematic has been found in WWBN AVideo 15fed957fb. This affects the function downloadURL_image of the file aVideoEncoderReceiveImage.json.php of the component HTTP Request Handler. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2023-49864. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2023-50172 | WWBN AVideo 15fed957fb HTTP Request userRecoverPass.php password recovery (TALOS-2023-1897 / EUVD-2024-0299)

Vuldb Updates
5 months 4 weeks ago
A vulnerability classified as problematic was found in WWBN AVideo 15fed957fb. This vulnerability affects unknown code of the file userRecoverPass.php of the component HTTP Request Handler. The manipulation leads to weak password recovery. This vulnerability was named CVE-2023-50172. The attack can be initiated remotely. There is no exploit available.
vuldb.com

Managed ad