Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen digital currency to the...
AI Score: -0.5
WordPress Simple Ajax Chat plugin information disclosure vulnerability
WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress Simple Ajax Chat plugin has an information disclosure vulnerability; no detailed vulnerability details are...
AI Score: 1.8
Microsoft Windows Hyper-V Shared Virtual Hard Disks information disclosure vulnerability (CNVD-2022-62514)
Microsoft Hyper-V is a system hypervisor virtualization technology from Microsoft Corporation (USA) that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...
CVSS: 6.5 | AI Score: 2 | EPSS: 0.017
SAP BusinessObjects Business Intelligence platform information disclosure vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and...
AI Score: 2.2
SAP BusinessObjects Business Intelligence Platform information disclosure vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and...
AI Score: 2.2
Microsoft Azure Site Recovery information disclosure vulnerability
Microsoft Azure Site Recovery is a disaster-recovery-as-a-service (DRaaS) offering from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to information disclosure. The vulnerability stems from a configuration or other error in the network system or product during...
CVSS: 4.9 | AI Score: 1.6 | EPSS: 0.009
Microsoft Windows Hyper-V Shared Virtual Hard Disks information disclosure vulnerability
Microsoft Hyper-V is a system hypervisor virtualization technology from Microsoft Corporation (USA) that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...
CVSS: 6.5 | AI Score: 1.8 | EPSS: 0.007
Lines of code
Vulnerability details
Impact: As specified in Convex BaseRewardPool.sol and VirtualRewardPool.sol, the function signature of earned is earned(address). However, balanceOfJPEG did not pass any arguments to earned, which would cause balanceOfJPEG to always revert. This bug will...
AI Score: 6.7
WordPress Salon booking system Free and pro information disclosure vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed in the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Salon booking system Free and pro is vulnerable to an information disclosure vulnerability that could be exploited...
AI Score: 1.5
[WP-H22] Bad debts should not continue to accrue interest
Lines of code
Vulnerability details
uint256 debtAmount = _getDebtAmount(_nftIndex);
require(debtAmount >= _getLiquidationLimit(_nftIndex), "position_not_liquidatable");
// burn all payment
stablecoin.burnFrom(msg.sender, debtAmount);
In the current design/implementation, the liquidator...
AI Score: 6.6
IBM System Storage DS8000 Hardware Management Console information disclosure vulnerability
IBM System Storage DS8000 Hardware Management Console is the hardware management console for the DS8000, a storage media platform from IBM, U.S.A. An information disclosure vulnerability exists in the IBM System Storage DS8000 Hardware Management Console, which stems from a network system or...
AI Score: 1.5
The State of Stalkerware in 2021
The state of stalkerware in 2021 (PDF) Main findings of 2021 Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this...
AI Score: 1.1
CVE-2022-24990 Description: POC for...
CVSS: 7.5 | AI Score: 8.7 | EPSS: 0.96
Friday Squid Blogging: Do Squid Have Emotions?
Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we don't know, but can't rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates don't feel pain and other emotions. "If they can no longer be...
AI Score: 0.9
Fortinet FortiClient for Linux information disclosure vulnerability
Fortinet FortiClient is a fabric agent from Fortinet USA, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. An information disclosure vulnerability exists in Fortinet FortiClient for Linux. An unauthenticated attacker could exploit the...
AI Score: 0.9
A SQL injection vulnerability exists in BossCMS of Wenzhou Huyin Information Technology Co., Ltd.
BossCMS is a self-developed, PHP-framework-based enterprise website-building system from Wenzhou Huyin Information Technology Co., Ltd. BossCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database...
AI Score: 1.3
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt...
CVSS: 10 | AI Score: -0.4 | EPSS: 0.976
AI Score: 0.3
WordPress Booking Package information disclosure vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed in the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Booking Package is vulnerable to an information disclosure vulnerability that could be exploited by...
AI Score: 1.4
Google Chrome File System API information disclosure vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, caused by the window.showSaveFilePicker function parsing and returning environment variable values to the user when environment variables are passed, which can be exploited by an attacker to...
AI Score: 2.7
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
SpringCloud-Gateway command execution vulnerability (CVE-2022-22947) Environment setup...
CVSS: 10 | AI Score: 10 | EPSS: 0.975
IBM Sterling Partner Engagement Manager information disclosure vulnerability
IBM Sterling Partner Engagement Manager is an automated management tool from IBM Corporation. IBM Sterling Partner Engagement Manager version 6.2.0 is vulnerable to an information disclosure vulnerability that could be exploited by a remote, authenticated attacker to obtain sensitive information...
AI Score: 3.2
Exploit for Code Injection in Vmware Spring Framework
CVE-2022-22965 2022.04.02 16:44 Optimized the POC, no longer a one-shot verification. Optimized...
CVSS: 9.8 | AI Score: 0.6 | EPSS: 0.975
System could be wrapped and made useless without contract whitelisting
Lines of code
https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L284
https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L268
Vulnerability details
Impact...
AI Score: 6.7
Exploit for Code Injection in Vmware Spring Framework
CVE-2022-22965 CVE-2022-22965 EXP General environment requirements:...
CVSS: 9.8 | AI Score: 1.7 | EPSS: 0.975
A Blockchain Primer and Bored Ape Headscratcher – Podcast
Why in the world would a collection of nonfungible token (NFT) gorilla avatars called the Bored Ape Yacht Club (BAYC), run by 30-somethings using aliases like “Emperor Tomato Ketchup” and “No Sass” and adored by celebrities, spiral on up to a multibillion-dollar valuation (…and, by the way, how...
CVSS: 10 | AI Score: -0.7 | EPSS: 0.976
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.01
CoreCollection's token transfer can be disabled
Lines of code
https://github.com/code-423n4/2022-03-joyn/blob/main/splits/contracts/Splitter.sol#L164
Vulnerability details
Impact: When royaltyAsset is an ERC20 that doesn't allow zero amount transfers, the following griefing attack is possible, entirely disabling CoreCollection token transfer by...
AI Score: 6.7
Conti Leaks: Examining the Panama Papers of Ransomware | Trellix
Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn't often the whole world gets an inside look at the business operations of a top-tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...
AI Score: 0.1 | EPSS: 0.024
Jenkins instant-messaging Plugin information disclosure vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server; Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...
CVSS: 6.5 | AI Score: 1.2 | EPSS: 0.001
Lines of code
Vulnerability details
A configurable startFeeFraction with no upper bound can be claimed by the caller to a specified address. The fee is not based on the gas cost, but on the _totalLent of the pool. We believe this startFee reward is unnecessary and it creates a potential rug...
AI Score: 6.8
Conti Leaks: Examining the Panama Papers of Ransomware | Trellix
Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn't often the whole world gets an inside look at the business operations of a top-tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...
AI Score: 5.7 | EPSS: 0.024
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Building on 王政's code, this adds two reverse shell variants and outbound network probing; whatever module is missing at runtime, just download it with pip....
CVSS: 10 | AI Score: 10 | EPSS: 0.975
New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners
An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to...
AI Score: 1.6
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The U.S. Department of Justice (DOJ) has indicted four Russian government employees in connection to plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant. The campaigns involved one of the most dangerous malwares ever encountered in....
CVSS: 10 | AI Score: 0.7 | EPSS: 0.976
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website with USSD code embedded in JavaScript or an iFrame can trigger the dialer application from the F-Secure browser, which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most...
CVSS: 5.3 | EPSS: 0.001
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website with USSD code embedded in JavaScript or an iFrame can trigger the dialer application from the F-Secure browser, which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most...
CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website with USSD code embedded in JavaScript or an iFrame can trigger the dialer application from the F-Secure browser, which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most...
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001
CVE-2021-44751 F-Secure SAFE Browser vulnerable to USSD attacks
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website with USSD code embedded in JavaScript or an iFrame can trigger the dialer application from the F-Secure browser, which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most...
CVSS: 4.3 | AI Score: 5.5 | EPSS: 0.001
Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...
AI Score: 9.5
Delta Electronics DIAEnergie information disclosure vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
AI Score: 1.2
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Vulnerability overview: Spring Cloud Gateway is a brand-new project under Spring Cloud, which is based on...
CVSS: 10 | AI Score: 9.9 | EPSS: 0.975
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Vulnerability overview: Spring Cloud Gateway is a brand-new project under Spring Cloud, which is based on...
CVSS: 10 | AI Score: 9.9 | EPSS: 0.975
South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau
Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean...
AI Score: 0.4
CVE-2022-24990...
CVSS: 7.5 | AI Score: 7.8 | EPSS: 0.96
AI Score: -0.8 | EPSS: 0.001
Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware
An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it's typical of ransomware groups to rebrand their operations in response to increased...
AI Score: 1.3
Suspected DarkHotel APT Activity Update
Suspected DarkHotel APT activity update One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022 This story was also written by Thibault Seret Introduction: Our advanced threat research team has discovered a...
AI Score: 7.1
Jenkins Vmware vRealize CodeStream Plugin information disclosure vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project; Jenkins Plugin is an application. Jenkins Vmware vRealize CodeStream Plugin...
CVSS: 6.5 | AI Score: 1.4 | EPSS: 0.001
Suspected DarkHotel APT Activity Update
Suspected DarkHotel APT activity update One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022 This story was also written by Thibault Seret Introduction: Our advanced threat research team has discovered a...
AI Score: 0.2