36 matches found
Steering LLM Viewpoints through Fabricated Evidence Injection
As chatbots increasingly influence daily decision-making, their potential to produce misleading responses poses substantial risks to users. This paper investigates a critical cognitive vulnerability in LLMs: their tendency to uncritically trust external context when presented with fabricated...
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA),...
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particular...
EUVD-2025-15722
Malicious code in bioql PyPI...
CVE-2025-23988
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects Ghostwriter: from n/a through 1.4...
CVE-2025-23988 WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects Ghostwriter: from n/a through 1.4...
CVE-2025-23988 WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante ghostwriter allows Reflected XSS. This issue affects ghostwriter: from n/a through <= 1.4...
CVE-2025-23988
The CVE-2025-23988 entry concerns the WordPress Ghostwriter theme (Ghostwriter: from n/a through 1.4) with a Reflected Cross-Site Scripting vulnerability. Public docs describe improper input neutralization during web page generation, enabling reflected XSS. The connected sources confirm the issue...
WordPress plugin Ghostwriter cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-22009 · Unknown · Ghostwriter
Name of the Vulnerable Software and Affected Versions: Ghostwriter versions n/a through 1.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
DEBIAN-CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...
WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme ghostwriter versions <= 1.4...
Fedora: Security Advisory (FEDORA-2023-d1e9e62a92)
The remote host is missing an update for the...
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light i...
Fedora 39 : ghostwriter (2023-d1e9e62a92)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d1e9e62a92 advisory. Automatic update for ghostwriter-23.03.90-2.fc39. Changelog Sat Apr 1 2023 Vitaly Zaitsev - 23.03.90-2 - Switched to Ninja. - Explicitly set Release...
Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates th...
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...
Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” (BitB) credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post,...