Aggregator

Mystic Stealer是 2023 年出现的一种信息窃取工具，主要攻击Web 浏览器和加密货币钱包，并具有重度的代码混淆特征。笔者详细对比了该软件的不同版本，指出其利用常量展开和多态技术来隐藏 C2 服务器等关键配置。通过对解密算法的深入剖析，笔者总结出对其批量化提取配置的脚本。

原创

The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims' account credentials and attempt more than $20 million in fraud. In tandem, authorities detained the alleged developer, who has&

A vulnerability, which was classified as problematic, has been found in Easy Textillate Plugin up to 2.01 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-2303. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in Plus Addons for Elementor Plugin up to 5.4.1 on WordPress. Impacted is an unknown function of the component Clients Widget. The manipulation results in file inclusion. This vulnerability was named CVE-2024-2203. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability marked as problematic has been reported in Master Addons for Elementor Plugin up to 2.0.5.6 on WordPress. The affected element is an unknown function of the component Pricing Table Widget. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2024-2139. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in Plus Addons for Elementor Plugin up to 5.4.1 on WordPress. The impacted element is an unknown function of the component Team Member Listing. Such manipulation leads to file inclusion. This vulnerability is referenced as CVE-2024-2210. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability classified as problematic was found in Elementor Website Builder Plugin up to 3.20.1 on WordPress. This affects an unknown part of the component Post Navigation. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2120. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Simple Ajax Chat Plugin up to 20231101 on WordPress. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2024-2956. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Networker Plugin up to 1.1.9 on WordPress. It has been declared as critical. This affects an unknown function. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2024-2962. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Meta Tag Manager Plugin up to 3.0.2 on WordPress. Affected is an unknown function. This manipulation causes code injection. This vulnerability is handled as CVE-2024-1770. The attack can be initiated remotely. There is not any exploit available.

A vulnerability has been found in Elementor Addon Elements Plugin up to 1.13.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2024-2091. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Events Manager Plugin up to 6.4.7.1 on WordPress and classified as problematic. This affects an unknown part. Executing a manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2024-2110. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Events Manager Plugin up to 6.4.7.1 on WordPress. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2024-2111. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in Otter Blocks Plugin up to 2.6.5 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2024-2841. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Media Library Assistant Plugin up to 3.13 on WordPress. It has been classified as problematic. This affects the function mla_gallery of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2475. The attack is possible to be carried out remotely. No exploit exists.

Web server administrators must prioritize updating their infrastructure, as Nginx 1.29.8 and the parallel FreeNginx project have officially released critical updates. Released on April 7, 2026, these new versions introduce essential security features, enhanced cryptographic compatibility, and crucial bug fixes designed to ensure robust server performance and defend against modern cyber threats. FreeNginx, the fork […]

The post Nginx 1.29.8 and FreeNginx Released With Critical Security Updates appeared first on Cyber Security News.

Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users