Aggregator

Abusing Notion’s AI Agent for Data Theft

不安全
8 months 3 weeks ago
Notion 3.0的AI代理因具备访问私人数据、处理未受信任内容及外部通信能力而易受数据盗窃攻击。攻击者通过隐藏在PDF中的恶意提示指令,指示LLM收集敏感信息并发送给攻击者。当前缺乏有效防御措施。

WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File

Cyber Security News
8 months 3 weeks ago

WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration. The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring user interaction. The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is […]

The post WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File appeared first on Cyber Security News.

Guru Baran

Akira Ransomware bypasses MFA on SonicWall VPNs

Security Affairs
8 months 3 weeks ago
Akira ransomware is targeting SonicWall SSL VPNs, bypassing OTP MFA on accounts, likely using stolen OTP seeds. Since July 2025, Akira ransomware has exploited SonicWall SSL VPNs, likely using credentials obtained from the exploitation of the CVE-2024-40766 vulnerability, bypassing OTP MFA. Attacks spread quickly across sectors, with rapid post-login activity and short dwell times, making […]
Pierluigi Paganini

CVE-2018-6756 | McAfee True Key up to 5.1.230.7 Microsoft Windows Client access control (EDB-45961 / ID 371380)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in McAfee True Key up to 5.1.230.7. It has been classified as critical. Impacted is an unknown function of the component Microsoft Windows Client. Performing manipulation results in improper access controls. This vulnerability is identified as CVE-2018-6756. The attack is only possible with local access. Additionally, an exploit exists.
vuldb.com

CVE-2018-6606 | MalwareFox AntiMalware 2.74.0.150 Access Control zam32.sys access control (EDB-43987)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as problematic has been found in MalwareFox AntiMalware 2.74.0.150. This impacts an unknown function in the library zam32.sys of the component Access Control. This manipulation causes improper access controls. This vulnerability is registered as CVE-2018-6606. The attack needs to be launched locally. Furthermore, an exploit is available.
vuldb.com

CVE-2018-10583 | LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure (FEDORA-2018-490f30ffa0 / EDB-44564)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as problematic was found in LibreOffice and Apache Office Writer. This issue affects some unknown processing of the component SMB Connection Handler. The manipulation as part of XML Document results in information disclosure. This vulnerability is cataloged as CVE-2018-10583. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2018-6757 | McAfee True Key up to 5.1.230.7 Microsoft Windows Client access control (EDB-45961 / ID 371380)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in McAfee True Key up to 5.1.230.7. It has been declared as critical. The affected element is an unknown function of the component Microsoft Windows Client. Executing manipulation can lead to improper access controls. This vulnerability is tracked as CVE-2018-6757. The attack is restricted to local execution. Moreover, an exploit is present.
vuldb.com

CVE-2018-6460 | Hotspot Shield Web Server /status.js func information disclosure (EDB-44042)

Vuldb Updates
8 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in Hotspot Shield. Affected is an unknown function of the file /status.js of the component Web Server. Such manipulation of the argument func with the input $_APPLOGRfunc as part of POST Request leads to information disclosure. This vulnerability is traded as CVE-2018-6460. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad