vulnerabilities

I have vulns on a cannabis rewards platform, Allowing : account enumeration mass PII exposure Auth bypass for any accounts AND if the retailer has enabled point to gift card conversion, Balance multiplication (10x each dollar) I want 4 XMR - buyer pays escrow fee. Will give a balanced account...

The competitors set a record at Pwn2Own Ireland. The fourth day of the Pwn2Own Ireland 2024 competition ended with more than a million dollar prize money for discovering over 70 unique zero-day vulnerabilities in fully updated devices. During the competition, cybersecurity specialists checked...

White hackers are breaking the smart home and creating new banknotes. In Ireland, the third day of the Pwn2Own 2024 hacking competition continues, where white hat hackers have identified 11 new zero-day vulnerabilities. The prize pool of the event increased by $124,750 and reached $874,875...

Now anyone can look inside the system and test it for strength. Apple has introduced a Virtual Research Environment (VRE) for public access to the Private Cloud Compute (PCC) security test. In addition, the company has opened the source code of some key components for review by researchers to...

White hat hackers caused the organizers losses of half a million dollars, and this is great news. The Pwn2Own 2024 contest has started in Ireland, and the first day has already brought impressive results. For 52 unique 0day vulnerabilities, participants received a total of $516,250. The leader...

Vulnhuntr detects exploits faster than hackers create them. The new Vulnhuntr tool makes a breakthrough in finding vulnerabilities in open source projects. Developed by Protect AI, it uses the power of large language models (LLMs) to detect complex multi-stage vulnerabilities, including remote...

Against the backdrop of a constant increase in cyberattacks and a shortage of professional personnel in the field of information security, more and more organizations are coming to the need to launch bug bounty programs. Such programs allow attracting thousands of freelance security researchers...

The statistics of 0Day attacks hide a real digital pandemic. Google Mandiant analysts warn of a new trend: hackers are increasingly discovering and exploiting zero-day vulnerabilities in software. Experts studied 138 vulnerabilities identified in 2023, which were actively used in real attacks...

The vulnerabilities affect several of the company's popular products at once. Splunk, a leader in data analytics and monitoring, has disclosed 12 recent vulnerabilities in its Splunk Enterprise for Windows product that allow attackers to remotely execute code (RCE). On October 14, 2024, the...

Positive Technologies has compiled a digest of 7 trending mistakes that you need to pay attention to urgently. In September 2024, Positive Technologies specialists identified 7 key vulnerabilities that have become trending. Among them are security problems in Microsoft, Veeam, VMware, Roundcube...

Botnet cyberattacks target routers and IoT devices from well-known manufacturers. Last week, the agencies of the Five Eyes alliance, which includes the United States, the United Kingdom, Canada, Australia and New Zealand, issued a joint warning about cyberattacks related to the People's...

The problems affected both home and corporate solutions. ESET has fixed two privilege escalation vulnerabilities in its products for Windows and macOS operating systems. These vulnerabilities allowed attackers to gain unauthorized access to system resources. The first vulnerability, with the...

The company urges users to update their devices urgently. D-Link has fixed critical vulnerabilities in three popular wireless router models that could allow remote attackers to execute arbitrary code or gain access to devices using embedded credentials. Models that are in demand among users...

Microsoft and WordPress are at the epicenter of threats. In August 2024, Positive Technologies specialists identified six of the most dangerous vulnerabilities that require immediate elimination or compensatory measures. Five of these vulnerabilities were found in Microsoft products, and one...

On September Patch Tuesday, the company saved users from critical bugs. Microsoft released security updates as part of the September Patch Tuesday 2024 that address 79 vulnerabilities. Among them are 4 actively exploited (including 1 publicly disclosed) zero-day vulnerabilities. The update...

Who, why and how is engaged in the distribution of tools that can wipe out entire states from the face of the Earth? Have you ever wondered what it's like to be a hacker? In various movies and TV shows, we often see a hooded man hitting a keyboard, resulting in a lot of numbers and symbols...

Researchers have found more than 20 weaknesses in machine learning platforms. Cybersecurity researchers warn of significant risks associated with vulnerabilities in the machine learning (ML) software supply chain. For example, more than 20 vulnerabilities have recently been identified in a...

The Optimism Foundation returned the L2 network to a permissioned state after auditors identified vulnerabilities in the decentralized error proof mechanism. Introduced in early July, the permissionless Fault Proof solution allows users to challenge potentially fraudulent and incorrect...

CFR believes that Russia has fewer opportunities to fully protect its software. The American analytical center of the United States from the Council on Foreign Relations (CFR), as part of a study of the level of import substitution in the Russian Federation, called for studying the level of...

YARA integration and optimization of DNS / HTTP engines significantly improved the tool's performance. On the eve of the DEF CON 32 conference, a new release of BBOT 2.0 was presented, which promises to significantly simplify the use of the tool and speed up the scanning process. BBOT (Bighuge...