Aggregator

TgRat, a Telegram-controlled trojan, was discovered attacking Linux servers in an attempt to steal data from a compromised system. In 2022, the TgRat trojan was first identified. Although the original version of the trojan was small and designed for Windows, the latest version uses the widely used messaging app Telegram to target Linux servers. “The […]

The post Telegram-Controlled TgRat Attacking Linux Servers to Exfiltrate Data appeared first on Cyber Security News.

2023 年 1 月 1 日，据俄罗斯和乌克兰消息来源报道，乌克兰对驻扎在马基维卡（Makiivka是顿涅茨克地区首府的姊妹城市）一所职业学校的俄罗斯军队的袭击造成了重大伤亡，尤其是应征入伍者。 顿涅

2023 年 1 月 1 日，据俄罗斯和乌克兰消息来源报道，乌克兰对驻扎在马基维卡（Makiivka是顿涅茨克

A vulnerability was found in Zephyr Project Manager Plugin up to 3.3.100 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument filename leads to cross site scripting. This vulnerability is known as CVE-2024-7356. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Sync Post with other Site Plugin up to 1.6 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Post Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-6709. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in File Manager Pro Plugin up to 1.8.2 on WordPress and classified as critical. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-7031. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in YayExtra Plugin up to 1.3.7 on WordPress and classified as critical. This vulnerability affects the function handle_upload_file. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-7257. The attack can be initiated remotely. There is no exploit available.

Threat actors have been exploiting the attack vector known as Sitting Ducks since at least 2019 to conduct malware delivery, phishing, brand impersonation, and data exfiltration by exploiting flaws in DNS. This widespread flaw, affecting multiple DNS providers, enables domain hijacking without detection. Besides this, the researchers from Infoblox and Eclypsium have unveiled this critical […]

The post Sitting Ducks DNS Attack Hijack 35,000 Domains appeared first on Cyber Security News.

DDoS Attack / Server SecurityCybersecurity researchers have disclosed details of a new distributed

Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers. Attack chains entail the exploitation

各位少数派的读者们，大家好，为了创造更多和大家面对面交流的机会，少数派门店从 7 月开始将每月组织至少一次的线下活动。第一期，我们先来了一场轻松的音乐活动，和大家过了一个放松、愉快又能略有收获的周

搭建ss5协议的很容易封端口。现在墙的方式，一种就是墙端口，不知道为什么，只要端口有在跑http，或者tcp协议，这端口就不墙，没跑就秒墙。ws，qui

搭建ss5协议的很容易封端口。 现在墙的方式，一种就是墙端口，不知道为什么，只要端口有在跑http，或者tcp协议，这端口就不墙，没跑就秒墙。ws，quic之类的协议就很容易墙。 想起之前有人找...

在国家安全领域，情报报告和情报简报扮演着至关重要的角色。它们为决策者提供了及时且深入的战略规划信息，帮助决策人理解、预测并有效应对新出现的威胁与挑战。

在2024年8月1日，美国国家反情报和安全中心(NCSC)最新发布《美国国家反情报战略2024》（Nation

Many crypto degens and retail crypto investors are dreaming of finding a token that can grow exponen

小红书发 11 周年信：承认大公司病，需要重新出发 特斯拉因自动驾驶致死案被起诉，死者父母称「系统有缺陷」 Meta 花数百万美元够买明星声音授权，用于 AI 项目

英特尔跌超 28%，创 1982 年以来最大跌幅北京时间 8 月 3 日凌晨，受财报不及预期消息影响，英特尔股价暴跌超 28%，创至少 1982 年以来最大跌幅。截至发稿，英特尔跌幅为 28.71%，