Aggregator

A vulnerability classified as problematic was found in Apache NimBLE up to 1.7.0. Affected by this vulnerability is an unknown functionality of the component HCI Event Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-51569. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Friends Plugin up to 3.2.1 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-12028. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Gold Addons for Elementor Plugin up to 1.3.2 on WordPress. Affected is an unknown function of the component Activation Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-12110. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Ultimate Coming Soon & Maintenance Plugin up to 1.0.9 on WordPress. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-9706. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Ultimate Coming Soon & Maintenance Plugin up to 1.0.9 on WordPress. Affected by this issue is some unknown functionality of the component Template Name Handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-9705. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in SV100 Companion Plugin up to 2.0.02 on WordPress. This affects an unknown part of the component Options Update Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-12155. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.3.6/17.4.3/17.5.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect ownership assignment. This vulnerability is known as CVE-2024-9633. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The open-source tech landscape continues to innovate, and the release of the CapibaraZero firmware marks another breakthrough. Designed for ESP32-S3-based hardware platforms, CapibaraZero provides a low-cost alternative to the highly popular—but expensive—Flipper Zero, a multifunctional tool for penetration testers, ethical hackers, and tech enthusiasts. With its affordable hardware requirements and flexible firmware, CapibaraZero opens up […]

The post CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

几天来，业内同仁非常关注我的内部公开信。我有必要做出公开的答复，进一步明确安天的发展目标和路径。

不公平厌恶（Inequity aversion、简称 IA）指对公平的偏好和对不平等的厌恶。它是人类公平感的重要组成部分。一部分人认为不公平厌恶是动物界共有的，但另一部分人认为是人类独自演化出来的，旨在适应非亲属之间合作的选择压力。美国和欧洲的研究人员在《Proceedings of the Royal Society B: Biological Sciences》期刊上发表报告，综合分析了 23 项研究的原始数据，涉及了 18 个物种的 60430 个观察结果。结果显示，非人类动物没有发现不公平厌恶的证据。研究人员猜测，可能的解释包括实现不公平厌恶的社会比较机制所需要的计算需求较高，而彼此进行合作的非人类动物有不涉及公平的机制能分配合作成果。

微软为Windows 11增加新功能：可以在设置中调整摄像头分辨率和帧率等

Хакеры Salt Typhoon за год раскрыли слабости Пентагона.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CyberPanel flaw CVE-2024-51378 (CVSS score: 10.0) to its Known Exploited Vulnerabilities (KEV) catalog. The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb) affects dns/views.py and ftp/views.py. Remote attackers could bypass authentication and execute […]

小心预训练语言模型变成隐私陷阱

漏洞挖掘与复现

Cǎlin Georgescu went from polling around 1% a month before the Romanian presidential election to winning the first round

伏特加制造商 Stoli 因勒索软件攻击申请破产

警方查获Matrix 加密聊天服务

SonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access (SMA) 100 series SSL-VPN appliances. These vulnerabilities could allow attackers to execute remote code, bypass authentication, or compromise system integrity. SonicWall urges users to take immediate action by updating their devices to the latest firmware to mitigate these risks. These issues […]

The post Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Downloading anything from the internet is a gamble these days: you might think that you are downloading an innocuous app from a legitimate firm but thanks to clever misuse of AI and some social engineering, you can end up with information and cryptocurrency-stealing malware. Case in point: Cado Security Labs researchers have recently reported websites set up to impersonate companies offering a video conferencing app, but serving/pushing the Realst info-stealer. Preparing and executing the scam … More →

The post Windows, macOS users targeted with crypto-and-info-stealing malware appeared first on Help Net Security.