An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...
CVSS 5.4 | AI Score 5.5 | EPSS 0.0004
What to do with that fancy new internet-connected device you got as a holiday gift
Welcome to 2024! The Threat Source newsletter is back after our winter break. When I wasn't spending my downtime chasing around my toddler, one of my main projects was to upgrade the internet connection at my house. My ISP started offering Gigabit speeds and a 60 GHz connection, which was...
CVSS 9.1 | AI Score 8.5 | EPSS 0.969
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. Real-world examples can be found in our previous...
AI Score 6.8
Facial Scanning by Burger King in Brazil
In 2000, I wrote: "If McDonald's offered three free Big Macs for a DNA sample, there would be lines around the block." Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: "At the end of the year, it's Friday every day, and the hangover...
AI Score 7.3
Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...
AI Score 7.1
Ben Rothke’s Review of A Hacker’s Mind
Ben Rothke chose A Hacker's Mind as "the best information security book of...
AI Score 7.2
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before...
CVSS 6.1 | AI Score 6.2 | EPSS 0.0005
Is Web Scraping Illegal? Depends on Who You Ask
Web scraping has existed for a long time, and depending on who you ask, it can be loved or hated. But where is the line drawn between extracting data for legitimate business purposes and malicious data extraction that hurts business? The bar is getting blurrier by the day, and the introduction of...
AI Score 6.7
I trusted a lot today. I trusted my phone to wake me on time. I trusted Uber to arrange a taxi for me, and the driver to get me to the airport safely. I trusted thousands of other drivers on the road not to ram my car on the way. At the airport, I trusted ticket agents and maintenance engineers...
AI Score 6.8
Within the sphere of IT, 'network accessibility' is a frequently used term. Yet does everyone understand its meaning? Put simply, network accessibility refers to how readily a network or system can be accessed by its users. It quantifies to what extent a system is functioning and...
AI Score 7.9
The invariant can be broken because 1 NOTE does not always equal 1 cNOTE.
Lines of code: https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/asD/src/asD.sol#L52 Vulnerability details: Impact: users will not be able to redeem their asD tokens for an equivalent amount of NOTE because, when minting cNOTE, 1 cNOTE doesn't always equal 1 NOTE. ...
AI Score 6.8
Intrinsic arbitrage between assets due to price feed deviation threshold
Lines of code: Vulnerability details: Impact: Withdrawals have not yet been implemented, but I assume they will be implemented in the usual way, such that the fraction of the total supply of rsETH a user redeems gives him an equal fraction of the total assets held, i.e. received = sharesToRedeem * totalAssets /...
AI Score 6.8
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4j Vulnerability - CVE-2021-44228 :green_book: ...
CVSS 10 | AI Score 9.7 | EPSS 0.976
Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in "This Is Spinal Tap." Many of the minuscule...
AI Score 7.2
Exploit for Unquoted Search Path or Element in Openbsd Openssh
OpenSSH Vulnerability - CVE-2023-38408 :books: ###...
CVSS 9.8 | AI Score 10 | EPSS 0.028
Fedora 39 : libcaca (2023-8282501ffb)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8282501ffb advisory. libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service (CVE-2022-0856). Note that...
CVSS 6.5 | AI Score 6.7 | EPSS 0.002
Rocky Linux 8 : perl (RLSA-2021:1678)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1678 advisory. Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...
CVSS 8.6 | AI Score 7.9 | EPSS 0.003
Fedora: Security Advisory for libcaca (FEDORA-2023-8282501ffb)
The remote host is missing an update for...
CVSS 6.5 | AI Score 6.5 | EPSS 0.002
[SECURITY] Fedora 39 Update: libcaca-0.99-0.69.beta20.fc39
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
CVSS 6.5 | AI Score 6.4 | EPSS 0.002
Russian Reshipping Service ‘SWAT USA Drop’ Exposed
The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here's a closer look at the Russia-based SWAT USA Drop Service,...
AI Score 6.5
Scaling Issue in AccountingEngine.auctionSurplus Causing Token Drains
Lines of code: https://github.com/open-dollar/od-contracts/blob/v1.5.5-audit/src/contracts/AccountingEngine.sol#L230 https://github.com/open-dollar/od-contracts/blob/v1.5.5-audit/src/libraries/Math.sol#L104 Vulnerability details: Impact: The impact of this vulnerability is significant as it leads to...
AI Score 6.8
books-bubbles.com Cross Site Scripting vulnerability OBB-3753458
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
The Undernet, a term frequently shrouded in enigma and often linked with unlawful activities, is a concealed segment of the digital world that is purposefully veiled and unreachable via regular internet browsers. This chapter aims to unveil the secrets of the Undernet, step by step demystifying...
AI Score 7
3 crucial security steps people should do, but don't
Cybersecurity could be as easy as 1-2-3. The problem, though, is that people have to want it. In new research conducted by Malwarebytes, internet users across the United States and Canada admitted to dismal cybersecurity practices, failing to adopt some of the most basic defenses for staying safe...
AI Score 7.2
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVSS 9.8 | AI Score 7.8 | EPSS 0.001
Hacking the High School Grading System
Interesting New York Times article about high-school students hacking the grading system. What's not helping? The policies many school districts are adopting that make it nearly impossible for low-performing students to fail--they have a grading floor under them, they know it, and that allows...
AI Score 6.9
Slackware Linux 15.0 / current libcaca Vulnerability (SSA:2023-284-04)
The version of libcaca installed on the remote host is prior to 0.99.beta20. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-284-04 advisory. libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of...
CVSS 6.5 | AI Score 6 | EPSS 0.002
Fedora: Security Advisory for libcaca (FEDORA-2023-335e8b2908)
The remote host is missing an update for...
CVSS 6.5 | AI Score 6.5 | EPSS 0.002
Fedora: Security Advisory for libcaca (FEDORA-2023-7248587205)
The remote host is missing an update for...
CVSS 6.5 | AI Score 6.5 | EPSS 0.002
New libcaca packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libcaca-0.99.beta20-i586-1_slack15.0.txz: Upgraded. Fixed a crash bug (a crafted file defining width of zero leads to divide by ...
CVSS 6.5 | AI Score 6.9 | EPSS 0.002
[SECURITY] Fedora 38 Update: libcaca-0.99-0.69.beta20.fc38
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
CVSS 6.5 | AI Score 6.4 | EPSS 0.002
[SECURITY] Fedora 37 Update: libcaca-0.99-0.69.beta20.fc37
libcaca is the Colour AsCii Art library. It provides high level functions for color text drawing, simple primitives for line, polygon and ellipse drawing, as well as powerful image to text conversion...
CVSS 6.5 | AI Score 6.4 | EPSS 0.002
Fedora 38 : libcaca (2023-7248587205)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7248587205 advisory. libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service (CVE-2022-0856). Note that...
CVSS 6.5 | AI Score 6 | EPSS 0.002
Fedora 37 : libcaca (2023-335e8b2908)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-335e8b2908 advisory. libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service (CVE-2022-0856). Note that...
CVSS 6.5 | AI Score 6 | EPSS 0.002
There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks--and the steps we...
AI Score 7.2
Exploit for Use After Free in Linux Linux Kernel
Linux kernel release 4.x http://kernel.org/ These are the...
CVSS 5.5 | AI Score 6.4 | EPSS 0.0004
Lines of code: https://github.com/code-423n4/2023-09-maia/blob/f5ba4de628836b2a29f9b5fff59499690008c463/src/RootBridgeAgent.sol#L938 https://github.com/LayerZero-Labs/LayerZero/blob/48c21c3921931798184367fc02d3a8132b041942/contracts/Endpoint.sol#L95 Vulnerability details: Impact: _performFallbackCall...
AI Score 7.2
Presto JDBC Server-Side Request Forgery by nextUri
Summary: Presto JDBC is vulnerable to Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker can modify the nextUri parameter in the response content to point at an internal server, which the Presto JDBC client will request next, and view sensitive information from highly sensitive...
AI Score 6.7
Presto JDBC Server-Side Request Forgery by redirect
Summary: Presto JDBC is vulnerable to Server-Side Request Forgery (SSRF) when connecting to a remote Presto server. An attacker can construct a redirect response that the Presto JDBC client will follow, and thereby view sensitive information from highly sensitive internal servers or perform a local port scan. ...
AI Score 7
Meta is using your public Facebook and Instagram posts to train its AI
Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters, Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large...
AI Score 6.7
About the security content of macOS Sonoma 14
This document describes the security content of macOS Sonoma 14. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
CVSS 10 | AI Score 10 | EPSS 0.028