Aggregator

A vulnerability, which was classified as critical, has been found in Oracle Financial Services Regulatory Reporting for De Nederlandsche Bank 8.0.4. Affected by this issue is some unknown functionality of the component User Interface. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2020-11022. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible due to compromised (phished) npm.js account credentials. What happened? “Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana [decentralized apps]. This allowed an attacker to publish unauthorized and malicious packages … More →

The post Solana’s popular web3.js library backdoored in supply chain compromise appeared first on Help Net Security.

The year 2024 is one of continual evolution for communication service providers (CSPs) and the cybersecurity landscape.

The post How CSPs are Adapting to the Threat Landscape and Meeting new Cybersecurity Challenges appeared first on Security Boulevard.

【追随大师】 | 《内存取证的局限与价值：一场经典的网络安全防御思维之争》

Docker/Kubernetes (K8s)Penetration Testing Checklist

Docker/Kubernetes (K8s)Penetration Testing Checklist

TryHackme’s Advent of Cyber 2024 — Day 03 Writeup

Tricky & Simple EXIF protection Bypass

Tricky & Simple EXIF protection Bypass

Critical Bug: Deny Sign-In & Steal Sensitive Info on Behalf of Victims

Critical Bug: Deny Sign-In & Steal Sensitive Info on Behalf of Victims

A Strategic Approach to Building a Comprehensive Third-Party Risk Framework

zackelia/bclm: macOS command-line utility to limit max battery charge

关于 AlDente，每次一提这个 App 老有人冷嘲热讽 - V2EX

雷神众测漏洞周报2024.11.25-2024.12.01

A vulnerability, which was classified as critical, has been found in Oracle VM 2.2.1. This issue affects some unknown processing. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2010-3585. The attack may be initiated remotely. Furthermore, there is an exploit available.

每日安全动态推送(24/12/4)

A Threat Actor is Allegedly Selling Access to an Unidentified Latin American Oil Corporation

Japan's CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. [...]