Tag: exploits

  • Hacker News: Sound & Efficient Generation of DOP Exploits via Programming Language Synthesis [pdf]

    Source URL: https://ilyasergey.net/assets/pdf/papers/doppler-usenix25.pdf Source: Hacker News Title: Sound & Efficient Generation of DOP Exploits via Programming Language Synthesis [pdf] Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a novel approach to generating data-oriented exploits through a technique called Programming Language Synthesis (PLS). This method improves the efficiency and soundness of exploit…

  • The Register: VMware plugs steal-my-credentials holes in Cloud Foundation

    Source URL: https://www.theregister.com/2025/01/30/vmware_infomration_disclosure_flaws/ Source: The Register Title: VMware plugs steal-my-credentials holes in Cloud Foundation Feedly Summary: Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom’s virtualization giant Broadcom has fixed five flaws, collectively deemed “high severity," in VMware’s IT operations and log management tools within Cloud Foundation, including two information disclosure bugs…

  • Alerts: CISA Releases Eight Industrial Control Systems Advisories

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/30/cisa-releases-eight-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Eight Industrial Control Systems Advisories Feedly Summary: CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-030-01 Hitachi Energy UNEM ICSA-25-030-02 New Rock Technologies Cloud Connected Devices ICSA-25-030-03 Schneider Electric…

  • The Register: Wacom says crooks probably swiped customer credit cards from its online checkout

    Source URL: https://www.theregister.com/2025/01/30/wacom_data_loss/ Source: The Register Title: Wacom says crooks probably swiped customer credit cards from its online checkout Feedly Summary: Digital canvas slinger indicates dot-com was skimmed for over a month Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff…

  • Cisco Talos Blog: Whatsup Gold, Observium and Offis vulnerabilities

    Source URL: https://blog.talosintelligence.com/whatsup-gold-observium-offis-vulnerabilities/ Source: Cisco Talos Blog Title: Whatsup Gold, Observium and Offis vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.   These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/29/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors…

  • The Register: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet

    Source URL: https://www.theregister.com/2025/01/29/ddos_attacks_aquabot_mitel/ Source: The Register Title: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet Feedly Summary: And now you won’t stop calling me, I’m kinda busy A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled…