Lucene search
+L

262 matches found

The Hacker News
The Hacker News
added 2024/10/23 9:54 a.m.22 views

Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models

Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models LLMs during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed Deceptive Delight by...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/21 4:49 a.m.37 views

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/15 3:47 p.m.14 views

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/10 1:27 p.m.26 views

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/02 5:31 a.m.11 views

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

A new set of malicious packages has been unearthed in the Python Package Index PyPI repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/30 6:25 a.m.22 views

North Korean Hackers Target Developers with Malicious npm Packages

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27,...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/08/20 12:59 p.m.11 views

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Texas Attorney General Ken Paxton has sued General Motors GM for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General AG announced he had opened an investigation into several car...

7.1AI score
Exploits0
OSV
OSV
added 2024/08/15 3:15 p.m.7 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

7.8CVSS7.4AI score0.01773EPSS
Exploits0References2
NVD
NVD
added 2024/08/15 3:15 p.m.57 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS0.01773EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/15 2:24 p.m.116 views

CVE-2024-7262 Arbitrary Code Execution in WPS Office

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS7.5AI score0.01773EPSS
Exploits0References1
CVE
CVE
added 2024/08/15 2:24 p.m.291 views

CVE-2024-7262

Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...

9.3CVSS7.5AI score0.01773EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/08/15 12:0 a.m.27 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS6.9AI score0.01773EPSS
In wildExploits0References2
HackRead
HackRead
added 2024/07/11 6:45 p.m.13 views

New FishXProxy Phishing Kit Making Phishing Accessible to Script Kiddies

A new phishing kit, FishXProxy, makes it alarmingly easy for cybercriminals to launch deceptive attacks. Learn how it…...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2024/07/09 12:0 p.m.14 views

How do cryptocurrency drainer phishing scams work?

By Teoderick Contreras and Jose Hernandez of Splunk, with contributions from the Splunk Threat Research Team. Cryptodrainer scams have emerged as a significant threat in the cryptocurrency ecosystem, targeting unsuspecting individuals with the promise of easy profits while covertly siphoning thei...

7.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/06/26 5:3 p.m.27 views

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

7AI score
Exploits0
Veracode
Veracode
added 2024/05/28 10:10 a.m.18 views

Cross-site Request Forgery (CSRF)

Mattermost is vulnerable to Cross-site Request Forgery CSRF. The vulnerability is due to a failure to validate post actions properly, allowing an attacker to run a playbook checklist task command as another user by creating and sharing a deceptive post action that unexpectedly runs a slash comman...

5.7CVSS7AI score0.00183EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/26 1:32 p.m.25 views

CVE-2024-36255 Post actions can run playbook checklist task commands

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...

5.7CVSS7.1AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/26 1:32 p.m.26 views

CVE-2024-36255 Post actions can run playbook checklist task commands

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...

5.7CVSS5.7AI score0.00183EPSS
Exploits0References1
CVE
CVE
added 2024/05/26 1:32 p.m.79 views

CVE-2024-36255

Mattermost CVE-2024-36255 involves improper input validation on post actions in affected releases, enabling an attacker to execute a playbook checklist task command as another user by crafting a deceptive post action that unexpectedly runs a slash command in an arbitrary channel. Affected version...

5.7CVSS5.7AI score0.00183EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/26 1:32 p.m.5 views

CVE-2024-36255 Post actions can run playbook checklist task commands

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...

5.7CVSS6.4AI score0.00183EPSS
Exploits0References3
Rows per page
Query Builder