#mac

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.

### Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. ### Patches The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them: https://github.com/pytorch/serve/pull/2634 TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability: https://github.com/pytorch/serve/releases/tag/v0.9.0 ### References https://github.com/pytorch/serve/pull/2634 https://github.com/pytorch/serve/releases/tag/v0.9.0 ### Credit We would like to thank Oligo Security for responsibly disclosing this issue. If you have any questions or comments about this advi...

An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking.

By Deeba Ahmed LummaC2 is back as LummaC2 v4.0. This is a post from HackRead.com Read the original post: LummaC2 v4.0 Malware Stealing Data with Trigonometry to Detect Human Users

By Owais Sultan Millions of players will enter web3 gaming thanks to a new partnership between READYgg and Aptos Labs realized… This is a post from HackRead.com Read the original post: READYgg Onboards 15 Million Web2 Players into Web3 in Partnership with Aptos Labs

In this article, we will provide a brief overview of Silverfort's platform, the first (and currently only) unified identity protection platform on the market. Silverfort’s patented technology aims to protect organizations from identity-based attacks by integrating with existing identity and access management solutions, such as AD (Active Directory) and cloud-based services, and extending secure

Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. “These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” Cofense said in a report

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto Marín said in a technical

An Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade. The Appin Software Security (aka Appin Security Group), according to an in-depth analysis from SentinelOne, began as an educational startup offering offensive security training programs, while

By Deeba Ahmed Scammers taking advantage of a humanitarian crisis? Well, who saw that coming... This is a post from HackRead.com Read the original post: Crypto Scammers Exploit Gaza Crisis, Deceiving Users in Donation Scam