Description: Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.
January 14th, 2025 (6 months ago)
|
Description: Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
January 14th, 2025 (6 months ago)
|
Description: Microsoft's January 2025 Patch Tuesday update addresses 159 vulnerabilities, including three previously undisclosed actively exploited zero-day vulnerabilities. The update is applicable to Windows 11 OS Builds 22621.4751 and 22631.4751 and is part of Microsoft's ongoing effort to secure its flagship operating system against emerging threats. New zero-day flaws Microsoft has confirmed three vulnerabilities under active …
The post Windows January 2025 Patch Tuesday Fixes 159 Vulnerabilities appeared first on CyberInsider.
January 14th, 2025 (6 months ago)
|
CVE-2025-23081 |
Description: Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-23081
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/1080451
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/1093931
https://gerrit.wikimedia.org/r/q/I5e1538a3bf66378810f905834c05626e1d2c82f0
https://gerrit.wikimedia.org/r/q/I773c616db781d2f3f30893ad01ef503bf251a2b3
https://gerrit.wikimedia.org/r/q/I7c9de4c8dcdb3276ba923c6bc7c8eef3531324c7
https://gerrit.wikimedia.org/r/q/I9223c31f02f31f1e06e1a8cddf7d539cc8d3a3d9
https://phabricator.wikimedia.org/T379749
https://github.com/advisories/GHSA-c3h5-h73c-29hq
EPSS Score: 0.04%
January 14th, 2025 (6 months ago)
|
CVE-2024-45627 |
Description: Affected versions:
Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0
Description:
In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker who configures malicious MySQL JDBC parameters in the DataSource Manager Module can read arbitrary files from the Linkis server. Therefore, the parameters in the MySQL JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.6.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.7.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-45627
https://lists.apache.org/thread/0zzx8lldwoqgzq98mg61hojgpvn76xsh
http://www.openwall.com/lists/oss-security/2025/01/14/1
https://github.com/advisories/GHSA-8cvq-3jjp-ph9p
EPSS Score: 0.04%
January 14th, 2025 (6 months ago)
|
Description: [Darknetlive Archive] Opiates Vendor "DopeKingUSA" Imprisoned for Distributing Fentanyl
January 14th, 2025 (6 months ago)
|
Description: A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]
January 14th, 2025 (6 months ago)
|
Description: North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. [...]
January 14th, 2025 (6 months ago)
|
Description: Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. [...]
January 14th, 2025 (6 months ago)
|