Aggregator

错误配置下shiro没有做出相应“正确”的行为，导致路径匹配绕过

Пока CISO требуют денег на защиту систем, хакеры не дремлют.

Crooks stole at least $69 million from Singapore-based cryptocurrency platform Phemex in an alleged cyberattack. Singapore-based crypto platform Phemex paused operations after a cyberattack that resulted in the theft of $69M. Phemex CEO Federico Variola stated they are restoring withdrawals and temporarily manually reviewing all requests. On Thursday, researchers at the blockchain security firm PeckShield noticed […]

Attackers allegedly stole $69 million from cryptocurrency platform Phemex

春节 ·放假通知 1月28 日- 2月4日 亲爱的安全牛读者朋友们: 值此辞旧迎新之际，安全牛向您致以最诚挚的 […]

70% штрафов остаются неоплаченными.

A critical vulnerability (CVE-2024-52975) has been identified in Elastic’s Fleet Server, posing a severe risk of sensitive information exposure.  The flaw, affecting Fleet Server versions 8.13.0 through 8.15.0, allows sensitive data to be logged at the INFO and ERROR log levels, potentially exposing confidential details depending on the integrations enabled. Details of the Vulnerability The […]

The post Critical Fleet Server Vulnerability Exposes Sensitive Information appeared first on Cyber Security News.

Discover how to prepare your organization for cyber threats in 2025 with incident response tabletop exercises. Learn strategies to strengthen your response plans.

The post How to Run Incident Response Tabletop Exercises in 2025 appeared first on Sygnia.

Submit #485301 / VDB-247968

 A breakthrough framework named SCAVY has been introduced to proactively detect memory corruption targets that could potentially lead to privilege escalation in the Linux kernel. Presented at the prestigious USENIX Security Symposium in August 2024, the framework aims to address long-standing gaps in understanding how memory corruption can be exploited to compromise system integrity. SCAVY’s developers have […]

The post New SCAVY Framework to Detect Memory Corruption Privilege Escalation in Linux Kernel appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Ipswitch WS FTP Server 2.02. This affects an unknown part of the component FTP Command Handler. The manipulation of the argument DELE/MDTM/MLST/MKD/RMD/RNFR/RNTO/SIZE/STAT/XMKD/XRMD leads to memory corruption. This vulnerability is uniquely identified as CVE-2001-1021. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OTRS and OTRS Community Edition up to 7.0.x/8.0.x/2023.x/2024.x/2025.1.x. It has been declared as critical. This vulnerability affects unknown code of the component HTTP Response Header Handler. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-43445. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OTRS and OTRS Community Edition up to 7.0.x/8.0.x/2023.x/2024.x/2025.1.x. It has been classified as critical. This affects an unknown part of the component Generic Interface Module. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2024-43446. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OTRS and OTRS Community Edition 7.0.x/8.0.x/2023.x/2024.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to sensitive information in log files. This vulnerability is handled as CVE-2025-24389. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OTRS 7.0.x/8.0.x/2023.x/2024.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. This vulnerability is known as CVE-2025-24390. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Security researchers have uncovered a critical vulnerability in Windows s

Security researchers have uncovered a critical vulnerability in Windows stemming from its “Best-Fit” character conversion feature, which has been exploited to execute remote code.  This newly identified attack surface, dubbed “WorstFit,” leverages certain features of Windows’ internal character encoding system to launch sophisticated attacks, including path traversal, argument injection, and remote code execution (RCE). The […]

The post Windows Charset Conversion Feature Exploited to Execute Remote Code appeared first on Cyber Security News.

Новый законопроект вызвал беспокойство международного сообщества.

A vulnerability was found in OTRS and OTRS Community Edition up to 7.0.x/8.0.x/2023.x/2024.x/2025.1.x. It has been declared as critical. This vulnerability affects unknown code of the component HTTP Response Header Handler. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-43445. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.