Aggregator

The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.

A vulnerability classified as problematic has been found in Tabs Shortcode and Widget Plugin up to 1.17 on WordPress. This affects an unknown part of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-0719. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in baserCMS up to 5.0.8. It has been declared as problematic. This vulnerability affects unknown code of the component Content Management Feature. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-26128. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in WAYOS IBR-7150 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-22547. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Colibri Page Builder Plugin up to 1.0.253 on WordPress. It has been declared as problematic. This vulnerability affects the function extend_builder. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-1361. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Colibri Page Builder Plugin up to 1.0.253 on WordPress and classified as problematic. This vulnerability affects the function cp_shortcode_refresh. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-1362. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Fuel CMS 1.5.2allow and classified as problematic. This issue affects some unknown processing of the component String Handler. The manipulation of the argument group_id leads to cross site scripting. The identification of this vulnerability is CVE-2024-25369. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. This vulnerability is traded as CVE-2024-1822. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in HCL Sametime Chat up to 12.0.1 FP1. Affected is an unknown function of the component Secure Storage. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-37540. It is possible to launch the attack on the local host. There is no exploit available.

Join Grip Security on its mission to redefine identity security. Discover how innovation, empathy, and culture are shaping the future of digital protection.

The post Why I Joined Grip Security in Securing the Digital Future appeared first on Security Boulevard.

ИИ теперь не просто гуглит ответ — он думает, ошибается и спорит.

OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage. [...]

Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and Soon
This week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.

Safety Concerns Emerge Amid o3, o4-mini and GPT-4.1 Launches
OpenAI's mid-April announcements include its most advanced reasoning models o3 and o4-mini, with a biorisk monitor, the quietly released GPT-4.1 coding family and the upcoming retirement of its costliest model, GPT-4.5. OpenAI's partners warn that the company's rushed evaluations have left gaps.

BitNet b1.58 2B4T Focuses on Speed, Efficiency, Open Access
Microsoft released what it describes as the most expansive 1-bit AI model to date, BitNet b1.58 2B4T. Unlike traditional large language models that depend on GPUs and massive infrastructure, the model is built to operate efficiently on CPUs including Apple's M2 chip.

A vulnerability was found in Google Android 13.0. It has been classified as critical. Affected is the function registerBroadcastReceiver of the file RcsService.java. The manipulation leads to permission issues. This vulnerability is traded as CVE-2022-20536. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0 and classified as problematic. This issue affects the function onPreferenceClick of the file AccountTypePreferenceLoader.java. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2022-20515. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0. It has been declared as problematic. Affected by this vulnerability is the function registerLocalOnlyHotspotSoftApCallback of the file WifiManager.java. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2022-20535. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0. It has been rated as problematic. Affected by this issue is the function getSmsRoleHolder of the file RoleService.java. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-20538. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.