Aggregator

A vulnerability has been found in Kravchuk and classified as critical. Affected by this vulnerability is an unknown functionality of the file subs.php. The manipulation of the argument scdir leads to Remote Code Execution. This vulnerability is known as CVE-2007-3118. The attack can be launched remotely. Furthermore, there is an exploit available.

Как мировые компании превращают нас в продукт.

在这个信息爆炸的时代，开源情报已成为一种潮流和趋势。越来越多的人开始关注开源，参与到开源情报的行列中来。

Пять команд поборются за главный приз в миллион рублей.

A vulnerability, which was classified as critical, was found in langchain_experimental up to 0.3.0. This affects the function sympy.sympify. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2024-46946. The attack can only be done within the local network. There is no exploit available.

A vulnerability has been found in Apex Softcell LD DP Back Office up to 24.8.21.0 and classified as problematic. This vulnerability affects unknown code of the component API Endpoint. The manipulation of the argument cCdslClicentcode/cLdClientCode leads to exposure of private personal information to an unauthorized actor. This vulnerability was named CVE-2024-47085. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Apex Softcell LD Geo and classified as problematic. This issue affects some unknown processing of the component API Login. The manipulation leads to improper restriction of excessive authentication attempts. The identification of this vulnerability is CVE-2024-47088. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Apex Softcell LD Geo. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to improper validation of integrity check value. This vulnerability is known as CVE-2024-47089. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Apex Softcell LD Geo. It has been rated as problematic. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation of the argument Client ID/DPID/BOID leads to exposure of private personal information to an unauthorized actor. This vulnerability is handled as CVE-2024-47087. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Apex Softcell LD DP Back Office. This affects an unknown part of the component API Endpoint. The manipulation of the argument OTP leads to authentication bypass by assumed-immutable data. This vulnerability is uniquely identified as CVE-2024-47086. It is possible to initiate the attack remotely. There is no exploit available.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance a path traversal vulnerability CVE-2024-8190 (CVSS score of 9.4) to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti warned of a new Cloud Services Appliance […]

Qualcomm, which makes chips for smartphones, said it will lay off 226 workers in San Diego later th

error code: 1106

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain
Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.

Microsoft Says Russia-Linked Cyber Actors Are Supporting Trump by Attacking Harris
Microsoft warned the Kremlin is targeting the 2024 presidential election campaign of Vice President Kamala Harris with its wide-ranging election interference operations. Russian groups likely aligned with the Kremlin have shifted their focus to the Harris campaign in recent months.

Riverwood Capital Leads Investment in Security Validation Firm to Grow in Americas
Picus Security has received $45 million in funding led by Riverwood Capital. The investment will accelerate product development in exposure management, including attack surface management and automated pen testing. The company plans to expand further in the Americas, targeting key growth areas.

Chinese Botnet Targets US Critical Infrastructure and Taiwan
A Chinese state-sponsored botnet called Raptor Train has infected more than 260,000 IoT and office network devices to target critical infrastructure globally. The hackers used zero-days and known vulnerabilities to compromise more than 20 different types of devices to expand their botnet.

German Law Enforcement Reportedly Deanonymized Tor User in 2021
The Tor Project on Wednesday reassured users that they will remain anonymous after media reported that German police successfully used Tor to trace the alleged administrator of a child pornography site. Tor users can continue to use the browser "securely" and the "Tor Network is healthy," it said.

A vulnerability, which was classified as critical, was found in K-letter 1.0. Affected is an unknown function of the file action.php. The manipulation of the argument scdir leads to file inclusion. This vulnerability is traded as CVE-2007-3118. It is possible to launch the attack remotely. Furthermore, there is an exploit available.