Kant's Times

Sliver C2 서버 취약점, TCP 하이재킹을 통한 트래픽 가로채기 가능

Sliver C2 Server Vulnerability Enables TCP Hijacking for Traffic Interception Sliver C2 Server Vulnerability Enables TCP Hijacking for Traffic InterceptionA significant vulnerability has been discovered in the Sliver C2 server, a popular open-source cross-platform adversary emulation.gbhackers.com 취약점 개요취약점 식별: CVE-2025-27090영향을 받는 소프트웨어: Sliver C2 서버(버전 v1.5.26부터 v1.5.42까지 및 v1.6.0의 커밋 0f340a2 ..

Parallels Desktop 0-Day 취약점, 루트 권한 상승 가능 (CVE-2024-34331)

Parallels Desktop 0-Day Exploit Enables Root Privileges – PoC Released Parallels Desktop 0-Day Exploit Enables Root Privileges – PoC ReleasedA critical zero-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed after seven months of unresolved reporting.gbhackers.com 취약점 개요Parallels Desktop 가상화 소프트웨어의 0-Day 취약점 공개공격자가 macOS 시스템에서 루트(root) 권한을 획득할 수 있음기존에 패치된 ..

Exim 메일 전송 취약점(CVE-2025-26794)으로 악성 SQL 주입 가능

Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQLA newly disclosed vulnerability in the Exim mail transfer agent (CVE-2025-26794) has sent shockwaves through the cybersecurity community.gbhackers.com 취약점 개요CVE-2025-26794: Exim 메일 전송 에이전트(MTA)의 SQL 주입(SQL Injection) 취약점공격자가 이메일 시스템을 손상시키고 데이터베이스를 조작할..

F5 BIG-IP 명령어 주입 취약점(CVE-2025-20029) PoC 익스플로잇 공개

PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability PoC Exploit Released for F5 BIG-IP Command Injection VulnerabilitySecurity researchers have disclosed critical details about CVE-2025-20029, a command injection vulnerability in F5’s BIG-IP Traffic Management Shell (TMSH) command-line interface.gbhackers.com 취약점 개요CVE-2025-20029: F5 BIG-IP의 트래픽 관리 셸(TMSH) 명령어 인터페이스에서 발견된 명령어 주입 취..

Nagios XI Flaw Exposes User Details and Emails to Unauthenticated Attackers" Nagios XI Flaw Exposes User Details and Emails to Unauthenticated Attackers"This high-severity flaw exposes organizations to heightened risks of phishing campaigns, credential-stuffing attacks.gbhackers.com 주요 취약점 개요Nagios XI 2024R1.2.2 버전에서 CVE-2024-54961 취약점 발견인증되지 않은 공격자가 웹 인터페이스를 통해 사용자 이름 및 이메일 주소와 같은 민감 정보를 획득할 수 ..

Critical Vulnerability in Fluent Bit Exposes Cloud Services to Potential Cyber Attacks Critical Vulnerability in Fluent Bit Exposes Cloud Services to Potential Cyber AttacksA widely adopted log processing and metrics collection tool part of the CNCF has exposed enterprise cloud infrastructures to DoS attacks.gbhackers.com 주요 취약점 개요Fluent Bit는 클라우드 네이티브 컴퓨팅 재단(CNCF)의 로그 처리 및 메트릭 수집 도구로 널리 사용됨CVE-..

U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog.securityaffairs.com 취약점 개요취약점 ID: CVE-2025-24989CVSS 점수: 8.2 (높은 위험도)취약점 유형: 잘못된 접근..

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalogU.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities cat..

NVIDIA Container Toolkit Vulnerable to Code Execution Attacks NVIDIA Container Toolkit Vulnerable to Code Execution AttacksNVIDIA has issued a critical security update to address a high-severity vulnerability discovered in the NVIDIA Container Toolkit for Linux.gbhackers.com 취약점 개요NVIDIA가 Linux용 NVIDIA Container Toolkit의 고위험 취약점을 해결하기 위해 보안 업데이트를 발표CVE-2025-23359로 추적되는 이 취약점은 검사 시점-사용 시점 (TOCTOU..

ClearML and Nvidia vulns ClearML and Nvidia vulnsCisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia.  The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence tblog.talosintelligence.com 취약점 개요Cisco Talos의 취약점 발견 및 연구팀이 ClearML에서 2건, Nvidia에서 4건의 취약점을 공개모든..