Apache OFBiz is an open source product for enterprise process automation. It includes framework components and business applications for ERP, CRM, e-commerce, supply chain management and manufacturing resource planning. There is a remote code execution vulnerability in Apache OFBiz before version 18.12.10. Because xml-RPC is no longer maintained, an authenticated attacker can use xml-RPC to conduct remote code execution exploits and control the server.

Guidance for any system provider using artificial intelligence (AI), whether those systems are created from scratch or built on tools and services provided by others.

Google Android 14 input method information disclosure vulnerability, due to side channel information leakage, there is a possible way to determine whether an application is installed without querying permissions. This may lead to local information disclosure without requiring additional execution permissions. Exploitation of this vulnerability requires no user interaction.

With the rise of generative AI models, the threat landscape has changed dramatically. Now another hacker has created a malicious AI tool called FraudGPT, which is specifically used for attack purposes, such as making spear phishing emails, creating cracking tools, carding, etc. The tool is currently for sale on various darknet markets and Telegram platforms. It is said to be "capable of generating a variety of network attack codes" and "more than 3,000 buyers have placed orders in less than a week."

A threat actor known for targeting targets in the Middle East has once again evolved its Android spyware and enhanced its capabilities to make it more stealthy and persistent, while concealing itself with seemingly innocuous app updates. Reports indicate that a new variant of the spyware has been…

Ukraine's main law enforcement and counterintelligence agency on Thursday revealed the true identities of five people it said were involved in the hack, believed to be part of a cyberespionage group called Gamaredon, and linked the members to Russia's Federal Security Service. Ukrainian security…

The U.S. Commerce Department on Wednesday added four companies, including Israeli spyware companies NSO Group and Candiru, to a list of entities engaged in "malicious cyber activity." The agency said the two companies were placed on the list based on "these entities...

Recently, researchers discovered that a patched critical remote code execution (RCE) vulnerability in GitLab's web page has been detected and exploited as a 0day in the wild, making a large number of Internet-facing GitLab instances extremely vulnerable to attacks. The risk…