Aggregator

Currently trending CVE - Hype Score: 26 - Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 37 - CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the ...

Currently trending CVE - Hype Score: 19 - YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

Currently trending CVE - Hype Score: 21 - Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.

Currently trending CVE - Hype Score: 16 - Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary ...

Currently trending CVE - Hype Score: 25 - GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

Currently trending CVE - Hype Score: 34 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Currently trending CVE - Hype Score: 22 - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been ...

Currently trending CVE - Hype Score: 26 - Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 25 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems. Polish researcher Borys Musielak (@michuk) used ChatGPT-4o to generate a fake passport in just five minutes. The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states. […]

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect portals Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise. April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft Microsoft … More →

The post Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast appeared first on Help Net Security.

Name: Breach CTF 2025 (an BreachCTF event.)
Date: April 5, 2025, 2:30 a.m. — 06 April 2025, 02:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://www.breachers.in/
Rating weight: 0
Event organizers: IITBreachers

История EncryptHub, который покорил 600 компаний, но прокололся на беседах c ChatGPT.

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, from Kosovo to face charges in the Western District of Pennsylvania for their alleged roles as administrators of the Rydox cybercrime marketplace. The Rydox cybercrime marketplace was an illicit online platform that operated as a hub for cybercriminals, facilitating […]

The post U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Это уже не генератор картинок, а цифровой ремесленник с обсессией к коже, свету и материалам.

Linux больше не спасает старое железо.

Новый ИИ уже работает в WhatsApp, Instagram* и на сайте.

从VIte的入口开始分析

Submit #551894 / VDB-303540