47 matches found
Synthetic Trust Attacks: Modeling How Generative AI Manipulates Human Decisions in Social Engineering Fraud
Imagine receiving a video call from your CFO, surrounded by colleagues, asking you to urgently authorise a confidential transfer. You comply. Every person on that call was fake, and you just lost $25 million. This is not a hypothetical. It happened in Hong Kong in January 2024, and it is becoming...
EUVD-2021-21542
Malware in sbrugna...
EUVD-2018-7209
Malware in sbrugna...
EUVD-2013-7077
Malware in sbrugna...
EUVD-2014-1350
Malware in sbrugna...
EUVD-2024-51304
Malicious code in bioql PyPI...
CVE-2013-5193
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a 1 App purchase or 2 In-App purchase by leveraging previous entry of Apple ID credentials...
From Inventory to Influence: How CAASM Shifts Security’s Leverage
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Most security teams already know...
CVE-2025-2761
CVE-2025-2761 — GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution . The vulnerability affects GIMP and stems from insufficient validation during FLI file parsing, causing a write past the end of an allocated buffer and enabling code execution in the victim process. Exploitation requ...
CVE-2025-1118
CVE-2025-1118 affects grub2 where the dump command is not blocked in lockdown/Secure Boot mode, allowing a local attacker to read arbitrary memory (signatures, salts, and other sensitive data). The issue is tied to grub2 memory access during lockdown and memory leakage from the dump/read path. Pu...
Delta Electronics CNCSoft-G2 DOPSoft DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2024-23124 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...
Malicious code in mux-leverage-protocol (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b12623ebfedef36fcab6ff1f92426346cafe3c214979943b5a2be849cf35a9d3 The OpenSSF Package Analysis project identified 'mux-leverage-protocol' @ 1.999.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-8747 Malicious code in mux-leverage-protocol (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b12623ebfedef36fcab6ff1f92426346cafe3c214979943b5a2be849cf35a9d3 The OpenSSF Package Analysis project identified 'mux-leverage-protocol' @ 1.999.0 npm as malicious. It is considered malicious because: - The...
Taking deposits hostage
Lines of code Vulnerability details Impact An initial attacker can gain the power to hold subsequent deposits into StakedUSDeV2 hostage, and release them at will e.g. for a ransom. Proof of concept The checkMinShares requirement called after any withdrawal and deposit function checkMinShares...
GeVault#poolMatchesOracle is extemely easy to manipulate due to how it calculates underlying token balances
Lines of code Vulnerability details Impact GeVaultpoolMatchesOracle uses the UniV3Pool.slot0 to determine the number of tokens it has in it's position. slot0 is the most recent data point and is therefore extremely easy to manipulate. Given that the protocol specializes in leverage, the effects o...
CVE-2023-35695
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security Enterprise 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product...
Ransomware attackers email bemused students as leverage for a payout
The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudster...
GHSA-66C9-XRWJ-9XV6 Magento Open Source affected by Improper Input Validation
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's...
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo
Malicious actors are constantly adapting their tactics, techniques, and procedures TTPs to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence a...