Aggregator

A vulnerability classified as problematic was found in Social Media Share Buttons & Social Sharing Icons Plugin up to 2.9.0 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-10362. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical

166 заражённых в России и сотни атак по СНГ: вредонос Blitz проникает в наборах для «прокачки» персонажей и оружия.

Security teams are leaning hard into AI, and fast. A recent survey of 500 senior cybersecurity pros at big U.S. companies found that 86% have ramped up their AI use in the past year. The main reason? They’re trying to keep up with a surge in AI-powered attacks. But even as AI tools help with tasks like threat detection and data analysis, the pressure on security teams is getting worse. Nearly 70% of respondents say … More →

The post AI threats leave SecOps teams burned out and exposed appeared first on Help Net Security.

Black Kite announced AI-powered cyber assessments, an automated solution for streamlining third-party cyber risk assessments. With its automation-led approach, Black Kite is redefining how enterprises assess risk across their vendor ecosystems to make informed decisions and bring cyber resilience to their supply chain. “Managing cyber ecosystem risks is complex, and all too often, enterprises are further challenged by cyber assessment processes that do not work in today’s environment,” said Chuck Schauber, CPO, Black Kite. “In … More →

The post Black Kite unveils AI-powered cyber assessments appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in Smash Balloon Custom Facebook Feed Plugin up to 4.3.1 on WordPress. Affected by this issue is some unknown functionality of the component Attribute Handler. The manipulation of the argument data-color leads to cross site scripting. This vulnerability is handled as CVE-2025-4577. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ultimate Blocks Plugin up to 3.3.3 on WordPress. Affected by this vulnerability is an unknown functionality of the component Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-2918. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Premium Addons for Elementor Plugin up to 4.11.8 on WordPress. Affected is an unknown function of the component Countdown Widget. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-4774. It is possible to launch the attack remotely. There is no exploit available.

Почтовый сервер, которому доверяло полмира, оставался беззащитным на протяжении десятилетия.

A vulnerability was found in Caido up to 0.47.x. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to authentication bypass by spoofing. The identification of this vulnerability is CVE-2025-49004. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD Platform Loader and Manager. It has been declared as problematic. This vulnerability affects unknown code of the component PLM Runtime Service. The manipulation leads to improper input validation. This vulnerability was named CVE-2025-0037. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in SAP UI5 applications up to UI_700 200. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-42990. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SAP NetWeaver Application Server for ABAP 7.89/7.93/9.14/9.15 and classified as problematic. Affected by this issue is some unknown functionality of the component RFC Inbound Handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2025-42989. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

In this Help Net Security video, Eoin Wickens, Director of Threat Intelligence at HiddenLayer, explores the security risks posed by agentic AI. He breaks down how agentic AI functions, its potential to revolutionize business operations, and the vulnerabilities it introduces, such as prompt injection and excessive system privileges. Wickens offers real-world attack examples, explains why traditional security practices need rethinking, and outlines practical steps to mitigate risk. Learn why monitoring, logging, and privilege scoping are … More →

The post Securing agentic AI systems before they go rogue appeared first on Help Net Security.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Jason McFadyen of Trend Research' was reported to the affected vendor on: 2025-06-10, 84 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Jason McFadyen of Trend Research' was reported to the affected vendor on: 2025-06-10, 84 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Jan-Niklas Sohn' was reported to the affected vendor on: 2025-06-10, 85 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Zeze and Sharkkcode with TeamT5' was reported to the affected vendor on: 2025-06-10, 85 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'p33zy' was reported to the affected vendor on: 2025-06-10, 86 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'shandikri' was reported to the affected vendor on: 2025-06-10, 49 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.