Aggregator

A vulnerability was found in APNGDis up to 2.8. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component IHDR Chunk Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-6193. The attack can be launched remotely. Furthermore, there is an exploit available.

历史悠久的开源自由软件新闻周刊 LWN（Linux Weekly News）主编 Jonathan Corbet 宣布向订阅者提供 EPUB 格式的电子书，方便用户在电子书阅读器上阅读每周特稿。任何每周特稿内容都可以通过在网址后添加 /epub 转变为 EPUB 格式的电子书。LWN 还偶尔会精心挑选内容创建特定的电子书作为演示供所有读者下载阅读，比如 Kangrejos 2024、2024 Linux Storage、Filesystem、Memory Management 和 BPF Summit。非订阅用户可以使用知名电子书软件 Calibre 抓取 RSS 源生成往期的每周特稿电子书。

A vulnerability was found in phpMyAdmin 4.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file export.php. The manipulation of the argument what leads to path traversal. This vulnerability was named CVE-2013-3240. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

«Феникс» RansomHub и другие преступники, сделавшие 2024 год незабываемым.

A vulnerability, which was classified as problematic, has been found in Achievo. Affected by this issue is some unknown functionality of the file dispatch.php of the component Administration Page. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2009-2733. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in WordPress 4.5.3. It has been classified as critical. Affected is the function wp_ajax_update_plugin of the file ajax-actions.php. The manipulation leads to path traversal. This vulnerability is traded as CVE-2016-6896. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted […]

苹果宣布开源 Swift Build，源代码托管在 GitHub 上，采用 Apache License 2.0 许可证。Swift 语言被用于为苹果旗下的各种操作系统开发软件，Swift Build 是一个强大且可扩展的构建引擎，提供了一套用于构建 Swift 项目的构建规则。Swift Build 是 Xcode 使用的引擎，开源库还包括对 Linux 和 Windows 的支持。

A vulnerability classified as problematic was found in OneOrZero Action And Information Management System 2.8.0. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2012-0989. The attack can be launched remotely. Furthermore, there is an exploit available.

Name: ECTF (an ECTF event.)
Date: Jan. 31, 2025, 11 a.m. — 02 Feb. 2025, 11:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ectf.fr/
Rating weight: 0.00
Event organizers: CYBER & CHILL

Name: Nullcon Goa HackIM 2025 CTF (an HackIM event.)
Date: Feb. 1, 2025, 8:30 a.m. — 02 Feb. 2025, 08:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.nullcon.net/
Rating weight: 30.00
Event organizers: ENOFLAG

Name: BearcatCTF 2025: World Tour (an Bearcat CTF event.)
Date: Feb. 1, 2025, noon — 02 Feb. 2025, 12:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://play.bearcatctf.io/
Rating weight: 23.89
Event organizers: Cyber@UC

A vulnerability classified as critical was found in vBulletin up to 4.2.2 PL4/4.2.3. Affected by this vulnerability is an unknown functionality of the file forumrunner/includes/moderation.php. The manipulation of the argument postids leads to sql injection. This vulnerability is known as CVE-2016-6195. The attack can be launched remotely. Furthermore, there is an exploit available. A worm is spreading, which is automatically exploiting this vulnerability. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Blue Coat ProxySG 4.2.6/5.2.2.4. This issue affects some unknown processing of the component Management Console. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2007-5796. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Debian Linux 3.1. Affected is an unknown function of the component man-db. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2006-4250. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Explore key cybersecurity trends for 2025, including ransomware evolution, supply chain vulnerabilities, and identity-based threats. Discover actionable strategies and expert insights to strengthen your organization’s resilience.

The post A Surge in Identity-based Attacks: Cybersecurity trends from Sygnia’s new 2025 Field Report appeared first on Sygnia.

A vulnerability has been found in ScriptsFeed Scripts Directory and classified as critical. Affected by this vulnerability is an unknown functionality of the file info.php. The manipulation of the argument id leads to sql injection. This vulnerability is known as CVE-2010-2905. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in skysa Skysa App Bar Integration plugin up to 1.2. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument submit leads to cross site scripting. This vulnerability is traded as CVE-2011-5179. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

LLM赋能恶意代码分析初探，希望对初学者有帮助！新年快乐，共勉。