Lucene search
K

663 matches found

Zero Day Initiative
Zero Day Initiative
added 2025/12/10 12:0 a.m.11 views

(0Day) Microsoft Windows TAR File UI Misrepresentation Vulnerability

This vulnerability allows remote attackers to disguise hard links on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rendering of th...

3.3CVSS6.3AI score
Exploits0
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.11 views

WordPress plugin Auto Alt Text 跨站请求伪造漏洞

WordPress Auto Alt Text plugin is a tool that uses artificial intelligence technology to automatically generate alternative text AltText for website images. The WordPress Auto Alt Text plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does no...

4.3CVSS6.7AI score0.00107EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/12/03 12:0 a.m.2 views

A Descriptive Model for Modelling Attacker Decision-Making in Cyber-Deception

Cyber-deception is an increasingly important defensive strategy, shaping adversarial decision making through controlled misinformation, uncertainty, and misdirection. Although game-theoretic, Bayesian, Markov decision process, and reinforcement learning models offer insight into deceptive...

6.8AI score
Exploits0
HackRead
HackRead
added 2025/12/02 1:1 p.m.4 views

Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race

Bethesda, USA / Maryland, 2nd December 2025, CyberNewsWire...

7AI score
Exploits0
NVD
NVD
added 2025/11/29 3:15 a.m.8 views

CVE-2025-53897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

6.8CVSS0.00172EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/11/18 10:37 a.m.17 views

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in java-socket-cluster-decode-catch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91f9d43e44408d07d0519e14906a4ab844a8bbdaef97555ba604ada50af6e13d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 7:18 p.m.3 views

Malicious code in hokage-36 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae94bc8026fdffc19364a26b1475c1fc1896d88d8353984b46b7fb78b0bcfe88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.5 views

Malicious code in manadsi-sfadia-maad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19e147254c0f91f5a75b7f785868bbf119540965438c955b13989e22dcbe5b59 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/12 7:47 a.m.7 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

6.7CVSS6.9AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 4:29 a.m.3 views

MAL-2025-140282 Malicious code in cache-procyon-markdown-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c0a5ed9de61f271e486d7001316411a5cba9e130e1850a2cffc40653b79943e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.3 views

MAL-2025-139693 Malicious code in auriga-xenos-command-markdownlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fec3c3ef11e14e50a517e63caa9aca355427c437df4d625dc2d40a9c70a4b22a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/11 3:48 a.m.1 views

MAL-2025-80729 Malicious code in putra-ragi17-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1612e28f0e8005bae187a9f05bdda240eca45b8894c896014213072378086d68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/10 5:21 p.m.1 views

MAL-2025-55768 Malicious code in devoted_parrotfish_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2c8461d4eba2d004b31d839cd38d43cc0183fbcfd6187c1cb39151223d74c7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/01 2:20 p.m.6 views

CVE-2025-64387

The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...

5.1CVSS6.9AI score0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 2:12 p.m.4 views

EUVD-2025-37353

The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...

5.1CVSS6.4AI score0.00352EPSS
Exploits0References3
OSV
OSV
added 2025/10/31 12:15 a.m.5 views

CVE-2025-48982

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file...

7.8CVSS5.8AI score0.0016EPSS
Exploits0References1
Veracode
Veracode
added 2025/10/24 7:36 p.m.6 views

Content Spoofing

org.wso2.identity.apps:authentication-portal is vulnerable to Content Spoofing. The vulnerability is due to improper handling and validation of error messages passed through URL parameters, which allows an attacker to inject arbitrary content into the user interface and deceive users through...

4.3CVSS6.8AI score0.002EPSS
Exploits0References7Affected Software1
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.25 views

Jailbreak Mimicry: Automated Discovery of Narrative-Based Jailbreaks for Large Language Models

Large language models LLMs remain vulnerable to sophisticated prompt engineering attacks that exploit contextual framing to bypass safety mechanisms, posing significant risks in cybersecurity applications. We introduce Jailbreak Mimicry, a systematic methodology for training compact attacker mode...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.6 views

Sensing Security in Near-Field ISAC: Exploiting Scatterers for Eavesdropper Deception

In this paper, we explore sensing security in near-field NF integrated sensing and communication ISAC scenarios by exploiting known scatterers in the sensing scene. We propose a location deception LD scheme where scatterers are deliberately illuminated with probing power that is higher than that...

6.5AI score
Exploits0
Rows per page
Query Builder