Aggregator

Posted by James Forshaw, Google Project ZeroThis is a short blog post about some recent improveme

The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, and ACTINIUM). These are the first known mobile malware families linked to the Russian APT.  The cyberespionage group is behind a […]

Epic Games 与西班牙电信达成合作，将在西班牙电信出售的 Android 合约机上预装其应用商店。西班牙电信的网络遍及西班牙、英国、德国和西语拉美地区，总用户数多达 3.92 亿。

Epic Games 与西班牙电信达成合作，将在西班牙电信出售的 Android 合约机上预装其应用商店。西班牙电信的网络遍及西班牙、英国、德国和西语拉美地区，总用户数多达 3.92 亿。西班牙电信客户可以通过该应用商店访问 Fortnite、Fall Guys 和 Rocket League Sideswipe 等流行游戏，Epic Games 计划将更多第三方游戏带到应用商店，将为西班牙电信的手游玩家提供额外的好处。

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.

Схема, о которой предупредил ВТБ.

A vulnerability classified as problematic has been found in Graphics::ColorNames up to 3.1.x on Perl. This affects an unknown part of the component Working Directory Handler. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2024-55918. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Coupon Affiliates Plugin up to 5.16.7.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-12421. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in WP Timetics Plugin up to 1.0.27 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component User Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-11275. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Property Hive Stamp Duty Calculator Plugin up to 1.0.22 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-12465. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Themify Store Locator Plugin up to 1.1.9 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-12414. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Booking System Trafft Plugin up to 1.0.6 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-11754. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WP Crowdfunding Plugin up to 2.1.12 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11910. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Out of the Block Plugin up to 2.8.3 on WordPress. Affected by this issue is the function ootb_query of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11827. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in MyParcel Plugin up to 4.24.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-9608. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in MainWP Child Plugin up to 5.2 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-10783. It is possible to launch the attack remotely. There is no exploit available.

根据发表在《科学》期刊上的一项研究，尼安德特人与现代人类的融合发生在 5.05 万到 4.35 万年前。现代人类获得了多个尼安德特人的基因，这些基因（其中包括与皮肤色素沉着、免疫反应和新陈代谢有关的基因）对现代人的谱系产生了有利的影响。研究人员利用采自 334 名现代人（包括 59 名从 4 万 5000 年前至 2200 年前的古人和 275 名来自全球不同人群的当代个体）的基因组数据对过去约 5 万年中的现代人类中的尼安德特人血统的变化进行了全面评估。他们发现，尼安德特人基因流动中的绝大多数可归因于某单一的、共同的长期基因流动，该基因流动可能发生在 5万又 500 年至 4 万 3500 年前，这与欧洲现代人类和尼安德特人存在时间重叠的考古证据一致。

A vulnerability was found in Simple Link Directory Plugin up to 8.4.0 on WordPress. It has been rated as critical. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-12417. The attack may be initiated remotely. There is no exploit available.