Aggregator

CISA紧急拨款避免CVE漏洞数据库停摆，全球网络安全危机暂缓！

Log correlation has emerged as an essential technique, enabling security teams to connect seemingly isolated events across diverse systems to identify sophisticated attack patterns. By analyzing log data from different sources, organizations can detect advanced persistent threats that might otherwise remain hidden for weeks or months. This article explores cutting-edge log correlation techniques that enhance […]

The post Advanced Log Correlation Techniques For Real-Time Threat Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Поддержка пришла оттуда, откуда никто не ждал.

Node.js恶意广告攻击加密货币用户，窃取数据并伪装合法交易平台。

Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more complex ecosystems. But one of the more telling metrics for CISOs is not just how many bugs were found — it’s how dangerous they were. In that regard, the data offers some good news. … More →

The post Microsoft vulnerabilities: What’s improved, what’s at risk appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-17, 82 days ago. The vendor is given until 2025-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-17, 92 days ago. The vendor is given until 2025-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-17, 69 days ago. The vendor is given until 2025-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-17, 83 days ago. The vendor is given until 2025-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-17, 83 days ago. The vendor is given until 2025-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-17, 84 days ago. The vendor is given until 2025-08-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Exploiting SMS: Threat Actors Use Social Engineering to Target Companies

The post Exploiting SMS: Threat Actors Use Social Engineering to Target Companies appeared first on Security Boulevard.

Собирается ли Microsoft что-то с этим сделать?

57款Chrome扩展暗藏追踪代码，600万用户遭隐秘监控。

该恶意软件变种已迅速发展为最危险的勒索软件家族之一

A vulnerability, which was classified as critical, was found in Microsoft Windows. This affects an unknown part of the component Hyper-V. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2022-35751. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Sierra Wireless ALEOS up to 4.4.8/4.9.4/4.13.x. Affected is an unknown function of the component ACENet Service. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2019-11851. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in RWS WorldServer up to 11.7.2. It has been rated as problematic. This issue affects some unknown processing of the component UserWSUserManager. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2022-34270. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in libming 0.4.8. This affects an unknown part in the library /libming/src/actioncompiler/listaction.c. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2024-25770. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in FlyCMS 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /system/share/ztree_category_edit. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-27694. The attack may be initiated remotely. There is no exploit available.