Aggregator

bioRxiv и medRxiv больше не нужен внешний контроль.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited vulnerability in Microsoft Windows Management Console (MMC), tracked as CVE-2025-26633.  This improper neutralization flaw (CWE-707) enables remote attackers to execute arbitrary code over a network, posing significant risks to unpatched systems.  While its association with ransomware campaigns remains unconfirmed, […]

The post CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild appeared first on Cyber Security News.

Meta 开始测试第一款自研 AI 训练芯片，此举旨在减少对英伟达 AI 芯片的依赖。英伟达是最大的 AI 芯片供应商。Meta 在 2025 年的资本支出预计高达 650 亿美元，绝大部分是投向 AI 基础设施。Meta 的新训练芯片是一种专用加速器，只能处理特定于 AI 任务，但比 GPU 更节能。芯片由台积电代工。Meta 希望到 2026 年用自研 芯片训练 AI 系统。

Что нужно знать о последних обновлениях.

A vulnerability was found in softaculous Page Builder Plugin up to 1.9.8 on WordPress. It has been declared as critical. This vulnerability affects the function pagelayer_builder_posts_shortcode of the component Pagelayer. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-13430. The attack can be initiated remotely. There is no exploit available.

西安交大的研究人员在 GeroScience 上发表论文，利用英国生物银行（UK Biobank）的数据，依据临床特征估算了 156,690 人的生物年龄。他们将生物年龄与实际年龄的差值定义为表型年龄加速（Phenotypic Age Acceleration，PhenoAgeAccel），以此衡量生物衰老的加速情况。结果显示，空气污染与生物衰老正相关，而绿地与生物衰老负相关。

A vulnerability classified as problematic was found in Viral Signup Plugin up to 2.1 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-6927. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Page Builder Gutenberg Blocks Plugin up to 3.1.12 on WordPress. This issue affects some unknown processing of the component Block Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-7132. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Gutentor Plugin up to 3.3.5 on WordPress. Affected is an unknown function of the component Block Option Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-5417. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Vikinghammer Tweet Plugin up to 0.2.4 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-8043. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Smackcoders SendGrid for WordPress Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-43965. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in MagePeople Team Taxi Booking Manager for WooCommerce Plugin up to 1.0.9 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-43986. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9. Affected by this issue is some unknown functionality of the file admin_ads.php. The manipulation of the argument description leads to cross site scripting. This vulnerability is handled as CVE-2024-44919. The attack may be launched remotely. There is no exploit available.

A sophisticated backdoor malware called “Squidoor” being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading detection from advanced security systems. Initial access is gained primarily through exploiting vulnerabilities in Internet […]

The post Chinese Hackers New Malware Dubbed ‘Squidoor’ Attacking Global Organizations appeared first on Cyber Security News.

Устаревшие уязвимости Microsoft Office становятся угрозой для глобальной безопасности.

Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable of breaking out of the Web Content sandbox, potentially leading to […]

The post Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks appeared first on Cyber Security News.