On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.”
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. [...]
Beware! SVG images are now being used with obfuscated JavaScript for stealthy redirect attacks via spoofed emails. Get insights from Ontinue's latest research on detection and defence.
A new Konfety Android malware variant uses a malformed ZIP and obfuscation to evade detection, posing as fake apps with no real functionality. Zimperium zLabs researchers are tracking a new, sophisticated Konfety Android malware variant that uses an “evil-twin” tactic and duplicate package names to avoid detection. The new Konfety malware variants use malformed ZIP, […]
A vulnerability was found in gaizhenbiao ChuanhuChatGPT up to 20240410. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to server-side request forgery.
This vulnerability is known as CVE-2024-5822. The attack can be launched remotely. There is no exploit available.
A vulnerability was found in Apache Superset up to 4.0.x and classified as critical. Affected by this issue is the function query_to_xml_and_xmlschema/table_to_xml/table_to_xml_and_xmlschema. The manipulation leads to SQL injection.
This vulnerability is handled as CVE-2024-53947. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.