Aggregator

A vulnerability identified as problematic has been detected in Red Hat Enterprise Linux up to 4. Impacted is an unknown function. The manipulation leads to improper locking. This vulnerability is listed as CVE-2009-4272. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Sun Change Manager 1.0. The affected element is an unknown function. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2003-1576. The attack may be launched remotely. There is no exploit available.

从一个文档的信息泄露，到全校三要素泄露和RCE

A vulnerability was found in cURL up to 8.19.0. It has been classified as critical. This vulnerability affects unknown code of the component OCSP Stapling Handler. Performing a manipulation results in improper certificate validation. This vulnerability is cataloged as CVE-2026-7009. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Brainstorm Force SureForms Pro Plugin up to 2.8.0 on WordPress and classified as critical. This affects an unknown part. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-42377. The attack may be performed from remote. There is no available exploit.

Smartbi的RMIServlet接口由于其方法调用的功能，出现过非常多漏洞，以这个接口为切入点，开始分析其出现过的部分历史漏洞。

A vulnerability was found in Schneider Electric EcoStruxure EV Charging Expert. It has been declared as critical. Impacted is an unknown function of the component Web Interface. Such manipulation leads to improper restriction of rendered ui layers. This vulnerability is listed as CVE-2022-22807. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 96. This affects an unknown part. Executing a manipulation can lead to memory corruption. This vulnerability is registered as CVE-2022-22764. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Mozilla Thunderbird up to 91.5. Affected is an unknown function of the component Worker. The manipulation results in improper access controls. This vulnerability was named CVE-2022-22763. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Mozilla Thunderbird up to 91.5. Affected by this vulnerability is an unknown functionality. This manipulation causes memory corruption. The identification of this vulnerability is CVE-2022-22764. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

MAPS Cloud Scanner A research tool for interacting with Windows Defender’s MAPS (Microsoft Active Protection Service) cloud-based file reputation and

The post Peering into the Cloud: Decode Windows Defender’s MAPS Protocol with the MAPS Cloud Scanner appeared first on Penetration Testing Tools.

Google подписала секретное соглашение с Пентагоном на использование ИИ для военных задач.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-02-21 is a path traversal vulnerability […]

Checkmarx is grappling with a distressing sequel to its March security breach, as data exfiltrated from a private

The post Supply Chain Fallout: LAPSUS$ Leaks 96GB of Stolen Checkmarx Data Following TeamPCP Breach appeared first on Penetration Testing Tools.

苹果公司一直面临压力，需要实现供应链多元化以增强韧性，但该过程漫长而复杂，将持续到其下一任首席执行官约翰·特努斯的任期内。不过，苹果供应商及公司内部人士透露，特努斯很可能不会加速生产转移，至少在未来1

食肉细菌短短三天内就破坏了一位 74 岁佛罗里达男子的手臂和腿。三天前他还身体健康，还在海边活动，但在跳入水中时他的右腿被划伤了，伤口很快疼痛难忍，而且右臂的颜色也变了。他被送往医院急救，其右腿进行了膝上截肢手术。医生对其血液和组织样本的检测发现他感染了创伤弧菌（Vibrio vulnificus），一种生活在温暖咸淡水的食肉细菌。创伤弧菌通过两种途径感染人类：其一是通过伤口接触受污染的水，其二是食用受污染的海鲜。创伤弧菌会释放出各种毒素杀死感染者，感染者的总死亡率高达 35%，如果存在免疫功能问题或肝脏疾病，死亡率会进一步提高到 50%-60%。如果抗生素治疗或坏死组织切除手术延误，死亡率将是 100%。在本病例中，该男子最终幸存。该病例凸显了创伤弧菌在气候变化下日益加剧的威胁。美国 CDC 建议只食用完全煮熟的海鲜，以及在身上有创口的情况下避免进入咸淡水。

Corporate correspondence has once again emerged as a convenient portal for adversaries. In this nascent campaign, the assailants

The post The “Snow” Storm: How UNC6692 Uses Microsoft Teams and Email Bombing to Breach Corporate Fortresses appeared first on Penetration Testing Tools.

The GlassWorm campaign has resurfaced within the developer community, though the adversaries have adopted a more surreptitious operational

The post The Trojan Update: How “GlassWorm” Developers are Using Sleeper Extensions to Hijack Workspaces appeared first on Penetration Testing Tools.

The ubiquitous Python library elementary-data has emerged as a conduit for the exfiltration of sensitive developer telemetry. The

The post The Poisoned Pipeline: How a GitHub Actions Flaw Infiltrated the Popular “Elementary-Data” Library appeared first on Penetration Testing Tools.

Leading a managed security services provider has never been a comfortable job. And it isn’t now, though the demand for MSSPs has never been higher. The global threat landscape is expanding faster than most enterprise security teams can keep pace with, and organizations across every sector are turning to managed providers to fill the gap.   For MSSP leaders, this […]

The post Margin vs. Madness: Fixing MSSP Top 5 Operational Nightmares appeared first on ANY.RUN's Cybersecurity Blog.