"I Had a Dream" and Generative AI Jailbreaks
"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes....
6.8AI Score
Chromecookiestealer - Steal/Inject Chrome Cookies Over The DevTools Protocol
Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies. Heavily inspired by WhiteChocolateMacademiaNut. Cookies are dumped as JSON objects using Chrome's own format. The same format is used for cookies to be loaded. For legal use only. Features Dump...
6.8AI Score
S4UTomato - Escalate Service Account To LocalSystem Via Kerberos
Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know that it can elevate service account privileges to local system privileges. The early exploitation techniques of "Potato" are almost identical:...
7.5AI Score
Woodstox Vulnerability in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
7.5CVSS
6.7AI Score
0.008EPSS
Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L245-L247 Vulnerability details Impact It is possible for a bad player to use flashloan to manipulate the system by making "valuable" LP to get....
6.9AI Score
Potential denial of service due to out of bound gas usage
Lines of code Vulnerability details Summary The implementation of accrueConcentratedPositionTimeWeightedLiquidity() incurs in complex and unbounded computations that could lead to significant gast costs and a potential denial of service. Impact The liquidity mining program in the Ambient DEX will.....
6.8AI Score
Achieving DORA Compliance with Qualys: A Comprehensive Approach
In the ever-changing landscape of finance and technology, it is crucial to have robust operational resilience and compliance frameworks. The Digital Operational Resilience Act (DORA) framework is a significant step in this direction, as it is intended to strengthen the resilience of financial...
6.7AI Score
Android 14 Security Release Notes
This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 14. Android 14 devices with a security patch level of 2023-10-01 or later are protected against these issues (Android 14 , as released on AOSP, will...
9.8CVSS
7.9AI Score
EPSS
A malicious user can reduce a staker's rewards
Lines of code Vulnerability details Impact A user's interest is accrued through the _executeBoost function, which calls _interestAccrued which performs calculations on how much the user has accrued. Said calculations are made by subtracting the user's rewardIndex from the current market...
7.1AI Score
Meta is using your public Facebook and Instagram posts to train its AI
Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters, Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large...
6.7AI Score
Amazon Linux 2023 : snakeyaml, snakeyaml-javadoc (ALAS2023-2023-375)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-375 advisory. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that...
6.5CVSS
7AI Score
0.006EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6404-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6404-1 advisory. A compromised content process could have provided malicious data in a PathRecording resulting in an out- of-bounds write, leading to a potentially...
9.8CVSS
9.3AI Score
0.245EPSS
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and...
8.1AI Score
Ransomware reinfections on the rise from improper remediation
Attack. Remediate. Repeat? Speak to any organization infiltrated by ransomware--the most dangerous malware in the world--and they'll be blunt: They'd do anything to avoid getting hit twice. But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe,...
8.2AI Score
Exploit for Improper Resource Shutdown or Release in Eero Eeroos
eeroOS Ethernet Interface Denial of Service Vulnerability...
6.5AI Score
Fedora 37 : firefox (2023-7a4026e363)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7a4026e363 advisory. A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out- of-bounds write, leading to a...
9.8CVSS
9.8AI Score
0.001EPSS
PptiPNG -- Global-buffer-overflow
Frank-Z7 reports: Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out" configuration options enabled raises a global-buffer-overflow bug, which could allow a remote attacker to conduct a denial-of-service attack or other unspecified effect on a crafted...
7.8CVSS
7AI Score
0.001EPSS
Unlocking Seamless API Security: Revenera’s Journey with Wallarm
In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog post, we'll dive into the experience of Rob Davies, VP of Engineering and Lead Architect at...
7AI Score
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118. Notes Autho...
7.4CVSS
6.2AI Score
0.001EPSS
Security Advisory 0080 _._CSAF PDF Date: September 28th 2023 Revision | Date | Changes ---|---|--- 1.5 | September 28th 2023 | Update to include 4.29 to EOS Releases that resolve the CVE's 1.4 | January 11th 2023 | Update the fixed release info of NetVisor OS Software 1.3 | October 24th 2022 |...
4.7CVSS
5.6AI Score
0.001EPSS
Fedora 38 : firefox (2023-587dc80bb1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-587dc80bb1 advisory. A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out- of-bounds write, leading to a...
9.8CVSS
9.8AI Score
0.001EPSS
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox <...
7.4CVSS
7.5AI Score
0.001EPSS
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox <...
7.4CVSS
6.3AI Score
0.001EPSS
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox <...
7.4CVSS
7.7AI Score
0.001EPSS
Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6...
5.4CVSS
6AI Score
0.0004EPSS
Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6...
6.5CVSS
5.2AI Score
0.0004EPSS
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox <...
7.4CVSS
6.5AI Score
0.001EPSS
Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6...
5.4CVSS
5.2AI Score
0.0004EPSS
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox <...
7.4CVSS
6.4AI Score
0.001EPSS
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox <...
7.9AI Score
0.001EPSS
CVE-2023-40605 WordPress Typing Effect Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6...
6.5CVSS
6.2AI Score
0.0004EPSS
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-008)
The version of ansible installed on the remote host is prior to 2.9.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-008 advisory. A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 ...
7.9CVSS
8.1AI Score
0.001EPSS
Amazon Linux 2 : firefox (ALASFIREFOX-2023-009)
The version of firefox installed on the remote host is prior to 102.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-009 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing ...
9.8CVSS
7.8AI Score
0.002EPSS
93digital Typing Effect < 1.3.7 - Contributor+ Stored XSS
Description The plugin does not properly sanitize user input, leading to a potential Cross-Site Scripting (XSS)...
5.4CVSS
5.6AI Score
0.0004EPSS
Google libwebp open source library remote code execution vulnerability
WebP is an image format developed by Google, which supports lossy and lossless compression of network images, and its compression effect and speed have certain advantages over PNG and JPEG formats. libwebp is a C/C++ open source library that implements the coding and decoding of the WebP image...
8.8CVSS
9.3AI Score
0.609EPSS
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I'll explain how to exploit CVE-2023-3420, a type confusion vulnerability in v8 (the Javascript engine of Chrome), that I reported in June 2023 as bug 1452137. The bug was fixed in version 114.0.5735.198/199. It allows remote code execution (RCE) in the renderer sandbox of Chrome by.....
9.6CVSS
8.3AI Score
0.974EPSS
Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization's threat response Summary of Findings The Network Effect Threat Report offers insights based...
8.5AI Score
Credit card thieves target Booking.com customers
Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at...
6.7AI Score
The version of Firefox installed on the remote Windows host is prior to 118.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-41 advisory. A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds...
9.8CVSS
10AI Score
0.001EPSS
Mozilla Firefox Security Advisory (MFSA2023-41) - Linux
This host is missing a security update for Mozilla...
9.8CVSS
9.4AI Score
0.001EPSS
Security Vulnerabilities fixed in Firefox 118 — Mozilla
A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.This bug only affects Firefox on Windows. Other operating systems are unaffected. A compromised content process....
9.8CVSS
7.5AI Score
0.001EPSS
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 118.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-41 advisory. A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an...
9.8CVSS
10AI Score
0.001EPSS
TikTok flooded with fake celebrity nude photo Temu referrals
Sites and apps frequently gamify their products and experiences to grow their user base. It's a relatively easy way to have their customers become more involved thanks to whatever incentives may be on offer. A game here, a rewards program there, and everyone is happy. Well, almost everyone. If...
6.8AI Score
Steer clear of cryptocurrency recovery phrase scams
The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Cuban lost a combination of coin types as asset movement flagged up after months of inactivity from his wallet. Cuban discovered some of the...
6.9AI Score
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
Cisco Talos recently discovered a new malware family we're calling "HTTPSnoop" being deployed against telecommunications providers in the Middle East. HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to...
7.8AI Score
Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its...
6.9AI Score
The MGM Cybersecurity Breach: Learnings and Prevention Measures
As many are aware, the systems of the $14 billion dollar gaming and hospitality giant MGM have been brought to a halt for nearly 5 days due to a multi-vector attack that has come to affect Caesars Entertainment as well. While the culprits of the attack are not confirmed, hacking group Scattered...
7AI Score
PCI v4 is coming. Are you ready?
If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs of....
7AI Score
Allowing price updates once in an epoch is extremely risky and open windows to a lot of issues
Lines of code Vulnerability details Impact Protocol currently knows about how this could be an effect, since the comments to both previewDeposit() and convertToShares() suggest that any difference attached to this should be considered slippage, but measures are not taken to ensure that this...
6.7AI Score
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their....
7.8CVSS
7.8AI Score
0.001EPSS