Aggregator

A vulnerability was found in Adobe After Effects up to 23.6.9/24.6.2 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-47441. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe After Effects up to 23.6.9/24.6.2. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-47442. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in BlackBerry SecuSUITE up to 5.0.420. Affected is an unknown function of the component Web Administration Portal. The manipulation leads to link following. This vulnerability is traded as CVE-2024-51721. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in OpenText ALM Octane Management up to 24.4. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10923. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in AMD Software PRO Edition, Software Adrenalin Edition and Software Cloud Edition. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HIP SDK Installation Handler. The manipulation leads to incorrect default permissions. This vulnerability is known as CVE-2024-21937. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe After Effects up to 23.6.9/24.6.2. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-47443. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in AMD Provisioning Console Software. This issue affects some unknown processing of the component Installation Handler. The manipulation leads to incorrect default permissions. The identification of this vulnerability is CVE-2024-21958. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Illustrator up to 28.7.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-47453. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Illustrator up to 28.7.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-47454. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Illustrator up to 28.7.1. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-47455. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Illustrator up to 28.7.1. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-47456. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Photoshop Desktop up to 24.7.3/25.11. It has been classified as critical. This affects an unknown part. The manipulation leads to integer underflow. This vulnerability is uniquely identified as CVE-2024-49514. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Fortinet FortiOS up to 7.0.13/7.2.7/7.4.3. It has been rated as critical. This issue affects some unknown processing of the component SAML Authentication Link Handler. The manipulation leads to session fixiation. The identification of this vulnerability is CVE-2023-50176. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Bridge up to 14.1.2. This issue affects some unknown processing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-45147. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has removed two widely-used Visual Studio Code (VS Code) extensions, “Material Theme Free” and “Material Theme Icons Free,” from its marketplace after cybersecurity researchers discovered malicious code embedded within them. These extensions, developed by Mattia Astorino (also known as equinusocio), had amassed nearly 9 million installations combined, with Astorino’s total extension downloads exceeding 13 […]

The post VS Code Extension with 9 Million Installs Attacks Developers with Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new ransomware group, dubbed Anubis, has emerged as a significant threat in the cybersecurity landscape. Active since late 2024, Anubis employs advanced techniques and operates across multiple platforms, including Windows, Linux, NAS, and ESXi environments. The group is leveraging ransomware-as-a-service (RaaS) and other affiliate-based monetization models to expand its reach and impact. Technical Capabilities […]

The post New Anubis Ransomware Targets Windows, Linux, NAS, and ESXi x64/x32 Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new wave of cyberattacks targeting WordPress websites has been uncovered, with attackers leveraging fake plugins to inject malicious links into site footers. These links, often promoting casino-related spam, compromise website integrity and can severely impact search engine optimization (SEO). The attackers use sophisticated techniques to disguise their malicious plugins, making detection and removal challenging […]

The post WordPress Admins Warned of Fake Plugins Injecting Malicious Links into Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

跨国黑客GHOSTR落网，涉90多起数据泄露案件，窃取13TB敏感信息，危害全球多国政府与企业，最终被多国执法部门联合逮捕。

A newly identified cybercriminal group, LARVA-208, also known as EncryptHub, has successfully infiltrated 618 organizations globally since June 2024, leveraging advanced social engineering techniques to steal credentials and deploy ransomware. According to reports from cybersecurity firms CATALYST and Prodaft, the group has demonstrated a high level of sophistication in its operations, targeting corporate networks through […]

The post LARVA-208 Hackers Compromise 618 Organizations Stealing Logins and Deploying Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

一个拥有 6 亿用户量的标杆性智能平台接入了大模型，会带来哪些连锁反应？