Aggregator

Submit #481185 / VDB-293511

I wanted to share some exciting news about Cisco's recent addition to their certification

A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. This vulnerability is handled as CVE-2025-0732. The attack needs to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

Among the many issues faced in identifying and managing cyber risk, perhaps none is more challen

A modern EASM solution offers more by incorporating meaningful first-party and third-party cyber risk insights than conventional TPRM solutions.

The post Are Third-Party Risk Management Solutions Effective Enough?   appeared first on Security Boulevard.

Хакеры по крупицам обчистили платформу.

Submit #481209 / VDB-293510

Threat actors who send out phishing messages have long ago learned that zero-width characters and u

,  Monday, 27 January 2025 10:45:00 (UTC/GMT)

Over 90 percent of all web traffic is encrypted nowadays, which is great of course. However, as HTTP and DNS traffic gets encrypted, defenders have a more difficult time blocking malicious network traffic. One solution to this problem is to use a TLS firewall, which effectively blocks encrypted conn[...]

A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. This vulnerability is known as CVE-2024-12345. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to disable the affected component. Other endpoints might be affected as well.

Researchers have unveiled SCAVY, a novel framework designed to automate t

Researchers have unveiled SCAVY, a novel framework designed to automate the discovery of memory corruption targets in the Linux kernel.  This discovery aims to address critical gaps in the detection and prevention of privilege escalation exploits, which often leverage memory-corruption vulnerabilities to gain unauthorized access to system resources. Kernel privilege-escalation exploits typically exploit memory corruption […]

The post SCAVY – Framework to Detect Memory Corruption in Linux Kernel for Privilege Escalation appeared first on Cyber Security News.

Researchers have identified a sophisticated phishing tactic leveraging Cloudflare’s workers.dev, a free domain name service, to execute credential theft campaigns. The modus operandi involves a generic phishing page that can impersonate any brand, with significant technical ingenuity aimed at deceiving unsuspecting users and evading detection. The phishing page, hosted on the URL “workers-playground-broken-king-d18b.supermissions.workers.dev,” is designed […]

The post New Phishing Framework Attack Multiple Brands Login Pages To Steal Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. This vulnerability is traded as CVE-2025-0730. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The identification of this vulnerability is CVE-2025-0729. The attack may be initiated remotely. There is no exploit available. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

A recent cybersecurity attack involving a Trojanized version of the XWorm Remote Access Trojan (RAT) builder has compromised over 18,000 devices worldwide. This sophisticated malware, primarily distributed via GitHub repositories, Telegram channels, and other platforms, has targeted cybersecurity novices, also known as “script kiddies,” who unknowingly downloaded malicious tools. Trojanized XWorm RAT Builder Exploits Over […]

The post Weaponised XWorm RAT Builder Attacking Script Kiddies To Hack 18,000 Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Sun MySQL. This issue affects the function udf_init. The manipulation leads to code injection. The identification of this vulnerability is CVE-2005-0709. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

「务必要疯狂地怀抱雄心，且还要疯狂地真诚。」

中国唯一专注于临近空间的商业航天企业，首次开源他们的创新方法论。