Aggregator

A sophisticated malware campaign dubbed “HollowQuill” has emerged as a significant threat to academic institutions and government agencies worldwide. The attack leverages weaponized PDF documents disguised as research papers, grant applications, or official government communiques to entice unsuspecting victims into initiating the infection chain. The malware employs advanced social engineering tactics to increase its success […]

The post HollowQuill Malware Attacking Government Agencies Worldwide Via Weaponized PDF Documents appeared first on Cyber Security News.

Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.  As before, all the newly discovered play

A sophisticated campaign by the Pakistan-linked SideCopy Advanced Persistent Threat (APT) group has emerged since late December 2024, targeting critical Indian government sectors with enhanced tactics. The group has significantly expanded its scope beyond traditional defense and maritime sectors to now include entities under railway, oil & gas, and external affairs ministries, demonstrating an alarming […]

The post SideCopy APT Hackers Mimic as Government Personnel to Deploy Open-Source XenoRAT Tool appeared first on Cyber Security News.

Amnesty International раскрывает документы, подтверждающие тревожную тенденцию в регионе.

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools,

关键词安全漏洞Adobe 已发布了一套全面的安全更新，用于修复旗下十二款产品中存在的多个漏洞。

关键词网络攻击甲骨文最终在发送给客户的电子邮件通知中证实，一名黑客窃取并泄露了其所称的“两台过时的服务器”中的

关键词人工智能Windows 11 上的 Copilot 正在测试操作系统级集成，允许您与 Copilot 共

关键词chatgptOpenAI准备推出多达三种新的 AI 模型，分别名为“o4-mini”、“o4-mini

A vulnerability was found in PickPlugins Post Grid Plugin up to 2.2.74 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-30441. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in GS Plugins GS Testimonial Slider Plugin up to 3.1.4 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-30443. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in BoldThemes Bold Page Builder Plugin up to 4.8.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-30442. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in BestWebSoft Limit Attempts Plugin up to 1.2.9 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-30439. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Hometory Mang Board WP Plugin up to 1.8.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-30431. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Themify Event Post Plugin up to 1.2.7 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-30440. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in GamiPress Plugin up to 6.8.5 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-30455. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in bPlugins B Slider Plugin up to 1.1.12 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-30432. The attack can be initiated remotely. There is no exploit available.

Новая схема с таможней-фантомом.