Tag
#backdoor
## Summary

A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure usage of the `Popen` function with `shell=True`, coupled with unsanitized user input. Immediate remediation is required to mitigate the risk.

## Affected Version

Llama Factory versions **<=0.9.0** are affected by this vulnerability.

## Impact

Exploitation of this vulnerability allows attackers to:

1. Execute arbitrary OS commands on the server.
2. Potentially compromise sensitive data or escalate privileges.
3. Deploy malware or create persistent backdoors in the system.

This significantly increases the risk of data breaches and operational disruption.

## Root Cause

The vulnerability originates from the training process where the `output_dir` value, obtained from the user input, is in...
In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.
Aqua Nautilus’ research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.…
People are receiving disturbing emails that appear to imply something has happened to their friend or family member.
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.
When trying to download QuickBooks via a Google search, users may visit the wrong site and get an installer containing malware.
Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.
Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on…
The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.