Aggregator

A vulnerability, which was classified as problematic, was found in Axeptio Plugin up to 2.5.3 on WordPress. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2024-54270. It is possible to launch the attack remotely. There is no exploit available.

注1：本文引用的实际案例均来自业界公开渠道。注2：同一类云服务、功能在不同的云厂商可能叫法不同，例如AWS IAM和阿里云 RAM本质上是一个东西，本文默认使用AWS的定义。目录：• 前言• 攻击面概

Более 500 компаний провели сокращения.

The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns.  Delivered as attachments disguised as archives or Microsoft 365 files, it employs malicious Microsoft Office documents to spread through command-and-control (C2) infrastructure.  It targets sensitive data, including login credentials, financial information, system data, and personally identifiable information, posing a significant […]

The post New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

魔镜魔镜告诉我，谁是世界上最厉害的memory safety sanitizer？

A vulnerability was found in Linux Kernel up to 4.14.1. It has been declared as problematic. Affected by this vulnerability is the function mincore of the file mm/pagewalk.c. The manipulation leads to information disclosure (Kernel Memory). This vulnerability is known as CVE-2017-16994. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in WP AutoComplete Search Plugin up to 1.0.4 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2022-4297. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

INTERPOL has called for the term “romance baiting” to replace “pig butchering,” a phrase widely used to describe a manipulative scam where victims are emotionally exploited and financially defrauded. The international law enforcement organization emphasizes that the new term fosters respect for victims while squarely holding fraudsters accountable. INTERPOL Urges to End ‘Pig Butchering’ The […]

The post INTERPOL Urges to End ‘Pig Butchering’ & Replaces With “Romance Baiting” appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Roblox ответит в суде за игнорирование распространения азартных игр на платформе.

Trend Micro highlighted a case where an attacker posed as a client on an MS Teams call to distribute DarkGate malware