Aggregator

Cyber Agency Urges Critical Infrastructure Operators to Migrate Within the Deadline
The British cybersecurity agency urged critical infrastructure operators to adopt to post-quantum cryptography by 2035 as it and other government agencies prepare for the inevitability of quantum computers capable of breaking current encryption algorithms.

A vulnerability was found in Link My Posts Plugin up to 1.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13881. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in My Quota Plugin up to 1.0.8 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13880. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Passbeemedia Web Push Notification Plugin up to 1.0.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13877. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SpotBot Plugin up to 0.1.8 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13878. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP-PManager Plugin up to 1.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13875. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in mEintopf Plugin up to 0.2.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13876. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Vmware Spring Security up to 6.4.3. It has been rated as critical. This issue affects the function BCryptPasswordEncoder.matches of the component Long Password Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-22228. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The activity involves

Why Are Facilities Caring for the Elderly 'Targets of Opportunity' For Cybercrime?
More than a half dozen nursing homes and rehabilitation centers have reported an assortment of major hacks in the last month affecting a total of more than 130,000 individuals. What makes facilities caring for elderly and disabled patients an attractive and vulnerable target to cybercriminals?

Over 10K Exploit Attempts Recorded in a Week From a Single Malicious IP
Hackers are exploiting a vulnerability in ChatGPT's infrastructure to redirect users to malicious websites, with security researchers recording more than 10,000 exploit attempts in a week from a single malicious IP address. The financial sector has borne the brunt of the attacks.

'Dogequest' Site Provided Tesla Owners Addresses, Names and Phone Numbers
The White House slammed a website that purported to reveal the names, addresses and phone numbers of Tesla owners - unless they showed proof of selling their vehicles made by Elon Musk's car company - amid growing criticism over his efforts to sharply reduce the size of the federal government.

Cyber Agency Urges Critical Infrastructure Operators to Migrate Within the Deadline
The British cybersecurity agency urged critical infrastructure operators to adopt to post-quantum cryptography by 2035 as it and other government agencies prepare for the inevitability of quantum computers capable of breaking current encryption algorithms.

A vulnerability was found in smub Custom Twitter Feeds Plugin up to 2.2.5 on WordPress. It has been declared as problematic. This vulnerability affects the function ctf_clear_cache_admin. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-1314. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in themewinter Eventin Plugin up to 4.0.24 on WordPress. It has been classified as problematic. This affects the function payment_complete of the component Ticket Payment Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-1766. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in themewinter Eventin Plugin up to 4.0.24 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument style leads to path traversal. This vulnerability is handled as CVE-2025-1770. The attack may be launched remotely. There is no exploit available.

Kali Linux, the renowned cybersecurity-focused Linux distribution, has just ushered in the new year with the release of Kali Linux 2025.1a. This update builds upon the existing features, offering myriad enhancements and improvements designed to give users a streamlined experience. Whether you’re already a seasoned Kali user or about to dive into the world of […]

The post Kali Linux 2025.1a Released: New Tools and Desktop Environment Upgrades appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅