Aggregator

Checkmarx 周末发出警告，其 Jenkins 应用安全测试（AST）插件的恶意版本已在 Jenkins 应用市场发布。   此次入侵由黑客组织 TeamPCP 宣称负责，该组织发起了一系列供应链攻击，包括针对 npm 的 “沙虫”（Shai - Hulud）行动以及对 Trivy 漏洞扫描器的攻击，导致窃取凭证的恶意软件被传播。   Jenkin...

error code: 1003

德国警方成功捣毁了德语网络犯罪市场 “Crimenetwork” 的复活版本，而就在数月前，该平台才首次被关停。这个重生的网站已经吸引了超过 2.2 万名用户和 100 多名卖家，这表明，一旦运营者能够重建基础设施，地下市场恢复的速度有多快。   德国联邦刑事警察局（BKA）发布的公告称：“在 2024 年底被执法部门关停之前，‘Crime...

error code: 1003

身份管理与治理服务提供商 SailPoint 披露了一起涉及其 GitHub 代码库的网络安全事件。   在提交给美国证券交易委员会（SEC）的文件中，该公司透露此次事件发生于 4 月 20 日，且已迅速得到控制。   提交给 SEC 的文件称：“2026 年 4 月 20 日，我们检测到部分 GitHub 代码库遭到未经授权的访问。我们的事件响应团队迅速终止了未授...

error code: 1003

微软投资OpenAI时目标获得920亿美元回报微软公司在其早期对OpenAI公司的大规模投资中，设定了 920亿美元的回报目标。双方这一具有里程碑意义的合作，帮助开启了当前的AI时代。这一目标包含在微

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

奇安信威胁情报中心红雨滴团队私有情报生产流程发现一家面向中文用户提供私密IM的软件官网上的安装包被替换。被替换的安装包除了正常流程外，还会释放如下组件，内存加载SNOWLIGHT下载者，最终运行魔改nps隧道。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

What is Google Widevine?WidevineCDM (Content Decryption Module) is a DRM component

A vulnerability was found in Linux Foundation Xen 4.4.0 on ARM. It has been rated as problematic. Affected by this issue is the function vgic_distr_mmio_write of the file xen/arch/arm/vgic.c of the component GIC Distributor. This manipulation causes improper input validation. The identification of this vulnerability is CVE-2014-2986. The attack can only be executed locally. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Apache Struts up to 2.3.16.1 and classified as critical. This impacts an unknown function of the component Class Loader. Executing a manipulation can lead to improper access controls. This vulnerability is handled as CVE-2014-0112. The attack can be executed remotely. Additionally, an exploit exists. This vulnerability has historical importance owing to its background and reception. It is advised to implement the suggested workaround.

A vulnerability categorized as very critical has been discovered in Adobe Flash Player up to 13.0.0.201. Impacted is an unknown function of the component Pixel Bender. Executing a manipulation can lead to memory corruption. The identification of this vulnerability is CVE-2014-0515. The attack may be launched remotely. Furthermore, there is an exploit available. This vulnerability is historically impactful due to its background and the reception it garnered. A worm is spreading and is exploiting this vulnerability automatically. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in dompdf 0.6.0. This impacts an unknown function of the file dompdf.php. Performing a manipulation of the argument php:/filter/read=convertbase64-encode/resource results in information disclosure. This vulnerability is reported as CVE-2014-2383. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in PaperCut MF 14.1. Affected is an unknown function. Executing a manipulation can lead to Remote Code Execution. This vulnerability appears as CVE-2014-2657. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.