663 matches found
(0Day) Microsoft Windows TAR File UI Misrepresentation Vulnerability
This vulnerability allows remote attackers to disguise hard links on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rendering of th...
WordPress plugin Auto Alt Text 跨站请求伪造漏洞
WordPress Auto Alt Text plugin is a tool that uses artificial intelligence technology to automatically generate alternative text AltText for website images. The WordPress Auto Alt Text plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does no...
A Descriptive Model for Modelling Attacker Decision-Making in Cyber-Deception
Cyber-deception is an increasingly important defensive strategy, shaping adversarial decision making through controlled misinformation, uncertainty, and misdirection. Although game-theoretic, Bayesian, Markov decision process, and reinforcement learning models offer insight into deceptive...
Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race
Bethesda, USA / Maryland, 2nd December 2025, CyberNewsWire...
CVE-2025-53897
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...
Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm...
Malicious code in java-socket-cluster-decode-catch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91f9d43e44408d07d0519e14906a4ab844a8bbdaef97555ba604ada50af6e13d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hokage-36 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae94bc8026fdffc19364a26b1475c1fc1896d88d8353984b46b7fb78b0bcfe88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in manadsi-sfadia-maad (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19e147254c0f91f5a75b7f785868bbf119540965438c955b13989e22dcbe5b59 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-8108
An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...
MAL-2025-140282 Malicious code in cache-procyon-markdown-hermes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c0a5ed9de61f271e486d7001316411a5cba9e130e1850a2cffc40653b79943e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-139693 Malicious code in auriga-xenos-command-markdownlint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fec3c3ef11e14e50a517e63caa9aca355427c437df4d625dc2d40a9c70a4b22a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-80729 Malicious code in putra-ragi17-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1612e28f0e8005bae187a9f05bdda240eca45b8894c896014213072378086d68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-55768 Malicious code in devoted_parrotfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2c8461d4eba2d004b31d839cd38d43cc0183fbcfd6187c1cb39151223d74c7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-64387
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...
EUVD-2025-37353
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...
CVE-2025-48982
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file...
Content Spoofing
org.wso2.identity.apps:authentication-portal is vulnerable to Content Spoofing. The vulnerability is due to improper handling and validation of error messages passed through URL parameters, which allows an attacker to inject arbitrary content into the user interface and deceive users through...
Jailbreak Mimicry: Automated Discovery of Narrative-Based Jailbreaks for Large Language Models
Large language models LLMs remain vulnerable to sophisticated prompt engineering attacks that exploit contextual framing to bypass safety mechanisms, posing significant risks in cybersecurity applications. We introduce Jailbreak Mimicry, a systematic methodology for training compact attacker mode...
Sensing Security in Near-Field ISAC: Exploiting Scatterers for Eavesdropper Deception
In this paper, we explore sensing security in near-field NF integrated sensing and communication ISAC scenarios by exploiting known scatterers in the sensing scene. We propose a location deception LD scheme where scatterers are deliberately illuminated with probing power that is higher than that...