Aggregator

Name: ACECTF 1.0 (an ACECTF event.)
Date: Feb. 27, 2025, 6:30 a.m. — 28 Feb. 2025, 06:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://acectf.tech/
Rating weight: 22.63
Event organizers: ACECTF

在 Google Chrome 之后，Microsoft Edge 准备淘汰 Manifest V2 扩展开始禁用 uBlock Origin。最新的 Edge Canary 版本禁用了 Manifest V2 扩展，并显示信息称该扩展不再被支持，Microsoft Edge 建议将其移除。对于被自动禁用的扩展如 uBlock Origin，用户目前暂时还可以在扩展管理中手动启用。

OpenAI 周四开始向部分开发者和支付 200 美元月费的用户提供其新一代模型 GPT-4.5 的访问，下周开放给 ChatGPT Plus 订阅用户。GPT-4.5 原计划去年推出，但因为开发挑战而推迟。OpenAI CEO Sam Altman 称原因是 GPU 耗尽了。Altman 称在让更多用户访问 GPT-4.5 前需要增加数以万计的 GPU。因为其规模，GPT-4.5 价格非常昂贵，模型输入每百万个 token 收取 75 美元，模型生成每百万个 token 收取 150 美元，这一收费标准分别是 GPT-4o 模型的 30 倍和 15 倍。

作者：wh0am1i@知道创宇404实验室 日期：2025年2月28日 1. 前言 pocsuite3 框架可以通过 --dork 或 --dork-zoomeye 参数获取 ZoomEye 网络空间测绘平台的搜索引擎数据。但随着近几年网络空间领域的攻防对抗升级，导致网络空间中存在大量的蜜罐。为了过滤掉这些蜜罐，ZoomEye 中加入了自动标注蜜罐的识别算法， 同时 pocsuite3 ...

A vulnerability has been found in Red Hat Quarkus and classified as critical. This vulnerability affects unknown code of the component WebAuthn Module. The manipulation leads to improper authentication. This vulnerability was named CVE-2024-12225. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Apache InLong up to 2.0.x. This affects an unknown part of the component JDBC. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-27531. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Netskope Threat Labs uncovered a sprawling phishing operation involving 260 domains hosting approximately 5,000 malicious PDF files. These documents, disguised as legitimate resources, employ fake CAPTCHA prompts to redirect victims to phishing sites designed to harvest credit card details and personal information. The campaign, active since the second half of 2024, has impacted over 1,150 […]

The post 260 Domains Hosting 5,000 Malicious PDFs to Steal Credit Card Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as very critical, has been found in Radare2 up to 5.9.8. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-1744. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in IBM MQ 9.3/9.4. Affected by this vulnerability is an unknown functionality of the component Webconsole Trace. The manipulation leads to improper management of sensitive trace data. This vulnerability is known as CVE-2024-54173. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in wpeverest User Registration & Membership Plugin up to 4.0.4 on WordPress. Affected is an unknown function of the component User Registration Handler. The manipulation of the argument s leads to cross site scripting. This vulnerability is traded as CVE-2025-1511. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in xpeedstudio Wp Social Login and Register Social Counter Plugin up to 3.1.0 on WordPress. It has been rated as problematic. This issue affects the function counter_access_key_setup of the component Setting Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-1506. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in portfoliohub WordPress Portfolio Builder Plugin up to 1.1.7 on WordPress. It has been declared as problematic. This vulnerability affects the function pfhub_portfolio_portfolio of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-1757. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in berocket Advanced AJAX Product Filters Plugin up to 1.6.8.1 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument nonce leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-1505. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ratemyagent RateMyAgent Official Plugin up to 1.4.0 on WordPress and classified as problematic. Affected by this issue is the function rma-settings-wizard of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-0801. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in contest-gallery Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery Plugin up to 26.0.0.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Photo Gallery. The manipulation of the argument Comment leads to cross site scripting. This vulnerability is known as CVE-2025-1513. The attack can be launched remotely. There is no exploit available.