Tag
The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.
Ubuntu Security Notice 7103-1 - It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled parsing certain PDF files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
## Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ## Vendor: Decidim International Community Environment ### Has vendor confirmed: Yes ### Attack type: Remote ### Impact: Code Execution Escalation of Privileges Information Disclosure ### Affected component: A raw sql-statement that uses an interpolated variable exists in the admin_role_actions method of the `papertrail/version-model(app/models/decidim/decidim_awesome/paper_trail_version.rb`). ### Attack vector: An attacker with admin permissions could manipulate database queries in order to read out the database, read files from the filesystem, write files from the filesystem. In the worst case, this could lead to remote code execution on the server. Description of the vulnerability for use in the CVE [ℹ] (https://cveproject.github.io/docs/content/key-details- phrasing.pdf) : An improper neutralization of special elements used in an SQL command in the `papertrail/vers...
Attackers abuse concatenation, a method that involves appending multiple zip archives into a single file, to deliver a variant of the SmokeLoader Trojan hidden in malicious attachments delivered via phishing
Debian Linux Security Advisory 5808-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.
SteelFox malware targets software pirates through fake activation tools, stealing credit card data and deploying crypto miners. Learn…
The malware combines a miner and data stealer, and it packs functions that make detection and mitigation a challenge.
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
North Korean hackers are targeting cryptocurrency businesses with a sophisticated new malware campaign, dubbed “Hidden Risk.” Learn how…