Aggregator

众所周知，维基百科的志愿者管理团队大量使用机器人程序去处理各种事务。在生成式 AI 时代，维基媒体基金会表示，他们不会用 AI 取代人类志愿者去整理知识。他们的 AI 策略侧重于维基百科背后的人类志愿者，AI 将用于提升编辑和志愿者的工作效率，自动化繁琐的任务，节省编辑的时间。

Submit #561814 / VDB-306804

Submit #561803 / VDB-306803

A sophisticated malware variant masquerading as a legitimate WordPress security plugin has been identified, capable of providing attackers with persistent access to compromised websites. The malicious code appears in the file system under innocuous names such as ‘WP-antymalwary-bot.php’ or ‘wp-performance-booster.php’, creating a facade of legitimacy while harboring dangerous capabilities including remote code execution, administrator access […]

The post New WordPress Malware as Anti-Malware Plugin Take Full Control of Website appeared first on Cyber Security News.

Submit #561145 / VDB-306802

Submit #561144 / VDB-306801

Submit #561141 / VDB-306800

Submit #561139 / VDB-306799

Submit #561035 / VDB-306798

Submit #561794 / VDB-306797

Submit #561764 / VDB-306796

Submit #561760 / VDB-306795

Submit #561746 / VDB-306794

Submit #561737 / VDB-306793

Submit #561552 / VDB-275850

A vulnerability, which was classified as critical, has been found in EasyService Billing 1.0. This issue affects some unknown processing of the file jobcard-ongoing.php. The manipulation of the argument q as part of Parameter leads to sql injection. The identification of this vulnerability is CVE-2018-11444. The attack may be initiated remotely. Furthermore, there is an exploit available.

In a sophisticated business email compromise (BEC) scheme, cybercriminals are targeting tenants with fraudulent requests to redirect rent payments to attacker-controlled bank accounts. The campaign primarily focuses on French-speaking victims in France and occasionally Canada, exploiting the anxiety associated with potential missed rent payments to manipulate targets into immediate action without proper verification. The attacks […]

The post Cybercriminals Deceive Tenants into Redirecting Rent Payments to Fraudulent Accounts appeared first on Cyber Security News.

Alongside its new Meta AI app, Facebook’s parent company launched several new products to help secure open-source AI applications

A vulnerability, which was classified as problematic, has been found in star7th showdoc up to 2.10.3. This issue affects some unknown processing of the component File Upload Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-0967. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Audition up to 14.4. Affected is an unknown function of the component SVG File Parser. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2021-40734. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.