Lucene search
K

112 matches found

Talos Blog
Talos Blog
added 2025/04/17 10:0 a.m.16 views

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed an existing distributed denial-of-service DDoS malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025. Th...

8.5AI score
Exploits0
NVD
NVD
added 2025/04/15 9:16 p.m.26 views

CVE-2025-30730

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...

7.5CVSS0.0037EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/28 12:0 a.m.49 views

Oracle Linux 9 : nginx:1.22 (ELSA-2025-3261)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3261 advisory. - Resolves: RHEL-84486 - nginx:1.22/nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 - Resolves: RHEL-12737 - nginx:1.22/nginx: HTTP/...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References2
The Hacker News
The Hacker News
added 2025/03/17 1:12 p.m.34 views

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 CVSS v4 score: 9.3, a critical operating system command injection flaw that a...

9.3CVSS9.1AI score0.7227EPSS
Exploits3
Malwarebytes
Malwarebytes
added 2025/03/10 10:21 p.m.7 views

X users report login troubles as Dark Storm claims cyberattack

In the early morning hours of March 10, thousands of users on X formerly Twitter began having trouble logging into the platform. It was only the first service blip of at least three to come that same day and, if one cybercriminal group is to be believed, it was all on purpose. “Twitter has been...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-24356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd wil...

7.5CVSS5.5AI score0.0065EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-14312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it...

5.9CVSS6.3AI score0.0123EPSS
Exploits0References3
NVD
NVD
added 2025/01/27 6:15 p.m.14 views

CVE-2025-24356

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...

7.5CVSS0.0065EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/01/27 5:31 p.m.8 views

CVE-2025-24356 UDP traffic amplification via fastd's fast reconnect feature

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...

6.9CVSS6.3AI score0.0065EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/01/27 5:31 p.m.12 views

CVE-2025-24356 UDP traffic amplification via fastd's fast reconnect feature

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...

6.9CVSS0.0065EPSS
Exploits0References8
OSV
OSV
added 2025/01/27 5:31 p.m.8 views

CVE-2025-24356 UDP traffic amplification via fastd's fast reconnect feature

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast...

6.9CVSS6.4AI score0.0065EPSS
Exploits0References10
CVE
CVE
added 2025/01/27 5:31 p.m.95 views

CVE-2025-24356

The CVE-2025-24356 affects the fastd VPN daemon. When fastd receives a data packet from an unknown IP/port, it may assume a peer moved and trigger a fast-reconnect handshake (~150 bytes of UDP payload), creating an amplification factor of about 12–13 for UDP traffic. This can be exploited by spoo...

7.5CVSS6.8AI score0.0065EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

Misskey 安全漏洞

Misskey is a permanently free open source federated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 2024.10.1 and earlier, which stems from an undetected proxy loop that allows a remote participant to perform a self-propagating...

7.4CVSS6.6AI score0.00305EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/11/04 12:2 p.m.34 views

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denial-of-service DDoS attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/10/03 5:0 p.m.3 views

Ransomware Groups Demystified: CyberVolk Ransomware

As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024. Unlike traditional ransomware groups, CyberVolk initially positione...

7.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/01 6:26 p.m.5 views

cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack

A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...

7.5CVSS5.8AI score0.00859EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.18 views

RHEL 5 : dnsmasq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attack...

4.9AI score0.04873EPSS
Exploits2References5
Veracode
Veracode
added 2023/10/18 6:2 a.m.21 views

Distributed Denial Of Service (DDoS)

silverstripe/graphql is vulnerable to Distributed Denial Of Service attacks. The vulnerability is due to publicly exposed graphql schemas because it does not properly validate recursive queries, allowing an attacker to send recursive queries into the system...

7.5CVSS6.8AI score0.00901EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/16 6:5 p.m.13 views

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

7.5CVSS7.6AI score0.00901EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/10/16 6:5 p.m.47 views

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

7.5CVSS7.8AI score0.00901EPSS
Exploits0References5
Rows per page
Query Builder