
42 matches found

The Hacker News
added 2026/05/19 5:28 a.m., 17 views

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has...

AI score: 6.2
Exploits: 0

CNNVD
added 2026/01/10 12:00 a.m., 3 views

Apache NimBLE Security Vulnerability

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets. It is part of the Apache Mynewt project. A security vulnerability exists in Apache NimBLE versions 1.8.0 and earlier, whi...

CVSS: 8.1, AI score: 6.5, EPSS: 0.00371
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-23365

Malware in sbrugna...

CVSS: 5.9, AI score: 5, EPSS: 0.00207
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-50690

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00413
Exploits: 0, References: 3

RedhatCVE
added 2025/05/23 5:19 a.m., 3 views

CVE-2023-21242

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00439
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:27 a.m., 7 views

CVE-2022-47976

The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00413
Exploits: 0

Talos Blog
added 2025/02/27 7:03 p.m., 8 views

Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome

Welcome to this week's edition of the Threat Source newsletter. Hello again my friends! Geez, it's been a year am I right? Lemons its February you say?! Oof. Imposter syndrome. You've heard the term I'm sure, but what is it? Basically: imposter syndrome is the persistent feeling of self-doubt and...

AI score: 6.8
Exploits: 0

Rapid7 Blog
added 2024/12/17 2:00 p.m., 5 views

Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech

As the year draws to a close, it’s essential—and often expected—to reflect on our achievements and lessons learned in preparation for annual performance reviews and setting future goals. For women in tech, this reflection period can be an especially powerful tool. The industry often demands that...

AI score: 7.4
Exploits: 0

Malwarebytes
added 2024/11/20 9:31 a.m., 10 views

AI Granny Daisy takes up scammers’ time so they can’t bother you

A mobile network operator has called in the help of Artificial Intelligence (AI) in the battle against phone scammers. Virgin Media O2 in the UK has built an AI persona called Daisy with the sole purpose of keeping scammers occupied for as long as possible. Basically, until the scammers give up,...

AI score: 7
Exploits: 0

Pen Test Partners Blog
added 2024/10/10 5:56 a.m., 9 views

Imposter syndrome in cyber security

TL;DR: Imposter syndrome is the belief that you are undeserving of your achievements. Anyone can be affected by it. There are ways to cope. What is imposter syndrome? Imposter syndrome is the psychological pattern in which a person downplays their achievements and believes that they are secretly a...

AI score: 7.3
Exploits: 0

NVD
added 2023/08/14 9:15 p.m., 34 views

CVE-2023-21242

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 9.8, AI score: 9.4, EPSS: 0.00439
Exploits: 0, References: 2

Vulnrichment
added 2023/08/14 8:58 p.m., 10 views

CVE-2023-21242

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 7.3, EPSS: 0.00439
Exploits: 0, References: 2

Cvelist
added 2023/08/14 8:58 p.m., 37 views

CVE-2023-21242

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 9.6, EPSS: 0.00439
Exploits: 0, References: 2

OSSF Malicious Packages
added 2023/07/28 12:15 a.m., 3 views

Malicious code in imposter-pkg-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e5127f46671b090bf9ac113a3ff87f19d522e0ec80dda844332b9625b30ecf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSV
added 2023/07/28 12:15 a.m., 6 views

MAL-2023-521 Malicious code in imposter-pkg-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e5127f46671b090bf9ac113a3ff87f19d522e0ec80dda844332b9625b30ecf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

Malwarebytes
added 2023/04/21 8:15 p.m., 161 views

US Facebook users can now claim Cambridge Analytica settlement cash

US-based Facebook users can now claim a piece of the enormous settlement payment by Meta, Facebook's parent company, over the Cambridge Analytica scandal. This news follows Meta agreeing to pay $725 million in December 2022 to settle the longstanding class action lawsuit filed by Lauren Price in...

AI score: 6.4
Exploits: 0

The Hacker News
added 2023/02/23 6:25 a.m., 57 views

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib...

Exploits: 0

The Hacker News
added 2023/02/23 6:25 a.m., 3 views

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib...

AI score: 6.6
Exploits: 0

SUSE CVE
added 2023/02/15 3:39 a.m., 3 views

SUSE CVE-2021-36781

An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1...

CVSS: 4.4, AI score: 4.9, EPSS: 0.00207
Exploits: 1, References: 3

OSV
added 2023/01/06 8:15 p.m., 2 views

CVE-2022-47976

The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00413
Exploits: 0, References: 2