Aggregator

A vulnerability was found in Apache Archiva up to 1.3.6 and classified as problematic. This impacts an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2013-2187. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Npmjs Node Packaged Modules up to 1.3.1. It has been classified as problematic. Affected is an unknown function in the library lib/npm.js. The manipulation leads to link following. This vulnerability is documented as CVE-2013-4116. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Poppler 0.24.0/0.24.1/0.24.2/0.24.3. It has been declared as problematic. Affected by this vulnerability is the function openTempFile of the component xpdf. The manipulation results in link following. This vulnerability is reported as CVE-2013-4472. The attack requires a local approach. No exploit exists.

A vulnerability was found in Carbonblack Carbon Black. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross-site request forgery. This vulnerability appears as CVE-2014-1615. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in MobFox mAdserve 2.0. This affects an unknown part of the file edit_ad_unit.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2014-2654. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in Papercut Papercut MF up to 13.0. This vulnerability affects unknown code. Performing a manipulation results in cross-site request forgery. This vulnerability is known as CVE-2014-2659. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in KnowledgeTree 3.7/3.7.0.1/3.7.0.2. This issue affects the function getFileName of the component WebService. Executing a manipulation can lead to sql injection. This vulnerability is handled as CVE-2014-2737. The attack can be executed remotely. There is not any exploit available.

ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate

Злоумышленники спрятали ловушку там, где пользователи меньше всего ждали подвоха.

Name: PHONIX VIPER NOVA CTF#2 (an PH03N1X V1P3R N0V4 CTF event.)
Date: May 8, 2026, 10 a.m. — 10 May 2026, 17:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Romania, Bucharest
Offical URL: http://pwnctf.ro/
Rating weight: 0.00
Event organizers: PH03N1X V1P3R N0V4 CTF

Name: Azure Assassin Alliance CTF 2026 (an Azure Assassin Alliance CTF event.)
Date: May 10, 2026, 1 a.m. — 11 May 2026, 01:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://actf2026.xctf.org.cn/
Rating weight: 45.60
Event organizers: 欸欸欸

As AI and quantum threats target the backbone of the American economy, Washington must provide the guidance and incentives necessary for SMBs to access executive-level cyber expertise.

The post The missing cybersecurity leader in small business appeared first on CyberScoop.

告别零散技巧，学透提示词越狱全链路攻防

窃取密钥与对话，并植入持久化木马

看雪论坛作者ID：0xlane

Key Findings Ransomware in Q1 2026: Consolidation at Scale During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims but remains the second-highest Q1 on record at 117% […]

The post The State of Ransomware – Q1 2026 appeared first on Check Point Research.

哥伦比亚大学护理学院一项使用 AI 展开的评估发现，近 3000 篇同行评审医学论文包含了虚假引用，这些引用在科学数据库里并不存在，是 AI 捏造的。研究团队开发了一个自动化验证系统，使用 AI 扫描了 2023 年 1 月 1 日至 2026 年 2 月 18 日期间发表在 PubMed Central 开放获取数据库中的 250 万篇论文，在 9710 万个已验证的引用文献中，研究人员在 2810 篇论文中发现了 4046 个虚假引用。自 2023 年以来，虚假引用率增长了 12 倍以上，2024 年中期开始出现最为显著的增长，这与 AI 写作工具的流行吻合。研究人员称，他们发现一篇论文的 30 个引用中有 18 个是虚假的。部分虚假引用已被其他论文引用，出现在为临床诊疗提供依据的系统评价中。