Aggregator

前段时间差旅较多，尝试了只带 iPad 办公，记录下感受，供朋友们参考。

Submit #392202 / VDB-275114

A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. This vulnerability is known as CVE-2024-7927. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. This vulnerability is traded as CVE-2024-7926. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The identification of this vulnerability is CVE-2024-7925. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. This vulnerability was named CVE-2024-7924. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #392186 / VDB-275113

Submit #392181 / VDB-275112

Submit #392121 / VDB-275111

Submit #391876 / VDB-275110

Интересные подробности ставят вопрос о подлинности данных 3 миллиардов человек.

AI jailbreaks are not vulnerabilities; they are expected behavior.

AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has announced a strategic partnership with Hackers Central, a major cybersecurity management service provider in Mexico. The announcement marks a significant step in AI SPERA’s strategy to broaden its international footprint. Hackers Central, a prominent cybersecurity management firm in Mexico, offers comprehensive security services including vulnerability […]

The post AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’ appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has announced a strategic partnership with Hackers Central, a major cybersecurity management service provider in Mexico. The announcement marks a significant step in AI SPERA’s strategy to broaden its international footprint. Hackers Central, a prominent cybersecurity management firm in Mexico, offers comprehensive security services including vulnerability […]

The post AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’ appeared first on Cyber Security News.

2024巅峰极客挑战赛-初赛Write up

Submit #391532 / VDB-273168

Submit #391530 / VDB-273168

A vulnerability was found in Shopping Cart & eCommerce Store Plugin up to 5.7.2 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation of the argument model_number leads to sql injection. This vulnerability is uniquely identified as CVE-2024-7827. It is possible to initiate the attack remotely. There is no exploit available.

Recently cybersecurity researchers at Check Point discovered a new malware dubbed “Styx Stealer,” capable of stealing browser and instant messenger data. Threat actors often exploit stealers, enabling them to secretly gather sensitive information from the compromised systems. While the types of information they steal via stealers include personal credentials, financial data, and passwords.  The stolen […]

The post Beware! Styx Stealer Malware Stealing Browser & Instant Messenger Data appeared first on Cyber Security News.

The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys). This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in early June 2024. The flaw allowed the group to gain unauthorized access to sensitive system […]

The post Lazarus Hacker Group Exploited Microsoft Windows Zero-day appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.