Aggregator

A vulnerability identified as problematic has been detected in Plausible Tracking up to 1.0.1 on Drupal. The impacted element is an unknown function. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-10927. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in JSON Field up to 1.4 on Drupal. The affected element is an unknown function. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-10926. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Acquia DAM up to 1.1.4 on Drupal. It has been rated as critical. Impacted is an unknown function. The manipulation leads to missing authorization. This vulnerability is listed as CVE-2025-9954. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in CivicTheme Design System up to 1.11.x on Drupal. It has been declared as critical. This issue affects some unknown processing. Executing manipulation can lead to incorrect authorization. This vulnerability is tracked as CVE-2025-12082. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Access Code up to 2.0.4 on Drupal. It has been classified as problematic. This vulnerability affects unknown code. Performing manipulation results in improper restriction of excessive authentication attempts. This vulnerability is identified as CVE-2025-10928. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Liferay Portal and DXP and classified as problematic. This affects an unknown part. Such manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is referenced as CVE-2025-62257. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Simple OAuth & OpenID Connect up to 6.0.6 on Drupal and classified as critical. Affected by this issue is some unknown functionality. This manipulation causes authentication bypass using alternate channel. The identification of this vulnerability is CVE-2025-12466. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

提供辅助写作工具的 Grammarly 公司宣布改名为 Superhuman，但目前会仍然保留现有产品名称。Grammarly 公司在今年 7 月收购了名叫 Superhuman 的邮件客户端，该客户端采用了订阅制商业模式。Superhuman 公司同时推出了名叫 Superhuman Go 的 AI 助手，能与 Gmail、Jira 和 Google Drive 等工具集成，增强写作能力和自动化生产力任务。Superhuman 表示计划引入更多功能，使 AI 助手能从 CRM 和内部系统等来源获取数据，为邮件内容提供修改建议。

好的，用户让我总结这篇文章的内容，控制在100字以内。首先，我需要快速阅读文章，抓住主要信息。 文章提到Grammarly改名为Superhuman，但产品名称不变。接着，他们收购了Superhuman邮件客户端，采用订阅制。还推出了AI助手Superhuman Go，能集成Gmail、Jira和Google Drive等工具，提升写作和自动化任务。未来计划引入更多功能，让AI从CRM和内部系统获取数据，提供邮件修改建议。 现在要将这些信息浓缩到100字以内。要确保包含公司改名、收购、产品名称保留、新AI助手的功能以及未来的计划。 可能的结构：Grammarly改名为Superhuman，保留现有产品名称。收购邮件客户端Superhuman，并推出AI助手Superhuman Go，集成多种工具，提升写作和自动化能力。计划扩展功能，从更多数据源获取信息以优化邮件内容。 检查字数是否在限制内，并确保语言简洁明了。 Grammarly更名为Superhuman并保留现有产品名称。公司收购了Superhuman邮件客户端，并推出AI助手Superhuman Go，支持与Gmail、Jira和Google Drive集成以提升写作和自动化能力。未来计划扩展AI功能，从CRM等系统获取数据以优化邮件内容。

Even with strong wireless encryption, privacy in connected homes may be thinner than expected. A new study from Leipzig University shows that someone in an adjacent apartment could learn personal details about a household without breaking any encryption. By monitoring the wireless traffic of nearby smart devices, the “nosy neighbor” can infer what people are doing, when they are home, and even which room they are in. Listening through the wall The researcher tested what … More →

The post How neighbors could spy on smart homes appeared first on Help Net Security.

Кластер на 500 тысяч чипов развёрнут в рекордные сроки.

Midsize Businesses Need Skilled Professionals as Threat Actors Shift Their Tactics
As large enterprises continue to strengthen their defenses and reduce ransom payouts, ransomware operators are redirecting their attention toward midsize organizations. This shift has increased the urgency for adaptable, well-trained cyber professionals who can tailor enterprise-grade protections.

US Cites Risk of Treaty Being Weaponized by Authoritarian Regimes, Privacy Concerns
The U.S. declined to sign the new U.N. cybercrime convention despite support from 72 nations and its backing by Russia and China over fears it could be exploited by authoritarian states to legitimize surveillance, censor dissent and pressure cross-border data cooperation.

2nd Round of Layoffs Since 2022 Comes 2 Months After $150M Email Security Purchase
Varonis cut 5% of its workforce and saw its stock price nosedive after disclosing a sharp drop in renewal rates for its on-premise subscription business. The underperformance of the federal vertical caused a notable headwind for Varonis despite it accounting for just 5% of annual recurring revenue.

Azure Outage Comes a Week After a Cloud DNS Error Disrupted AWS Users
Microsoft's Azure cloud and 365 systems suffered an outage at noon on Wednesday because of a configuration error - hours before its quarterly earnings call and about a week after rival AWS underwent a widespread outage that shut down applications and services for most of the day.

Midsize Businesses Need Skilled Professionals as Threat Actors Shift Their Tactics
As large enterprises continue to strengthen their defenses and reduce ransom payouts, ransomware operators are redirecting their attention toward midsize organizations. This shift has increased the urgency for adaptable, well-trained cyber professionals who can tailor enterprise-grade protections.

2nd Round of Layoffs Since 2022 Comes 2 Months After $150M Email Security Purchase
Varonis cut 5% of its workforce and saw its stock price nosedive after disclosing a sharp drop in renewal rates for its on-premise subscription business. The underperformance of the federal vertical caused a notable headwind for Varonis despite it accounting for just 5% of annual recurring revenue.

Azure Outage Comes a Week After a Cloud DNS Error Disrupted AWS Users
Microsoft's Azure cloud and 365 systems suffered an outage at noon on Wednesday because of a configuration error - hours before its quarterly earnings call and about a week after rival AWS underwent a widespread outage that shut down applications and services for most of the day.

嗯，用户让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。直接写描述就行。那我得先仔细看看这篇文章讲的是什么。 文章一开始提到作者在寻找一款完美的笔记软件，但没有找到。现有的软件大多偏向正式的知识整理，不太适合记录生活中的零碎想法。比如吐槽、突然想到的点子、旅行清单等等。这些小念头用传统笔记软件记录起来感觉很麻烦，分类不清，记录欲望就没了。 于是作者开发了一款极简笔记应用叫Re:card。这款应用的特点是极简设计，不需要预先分类和整理，用户可以直接记录想法，每条想法以卡片形式存在。卡片可以自由组合、关联，形成思维网络。Re:card还支持多种视图浏览，帮助用户发现隐藏的关联和价值。 文章还提到Re:card的待办系统和时间维度的设计，帮助用户管理任务和回顾旧想法。数据安全方面，所有信息都存储在本地设备和iCloud上，不上传第三方服务器。 总结一下，这篇文章主要介绍了Re:card这款笔记应用的设计理念和功能特点，强调了捕捉零碎想法的重要性，并提供了一种自然、灵活的记录方式。 现在要把这些内容浓缩到100字以内。需要抓住几个关键点：寻找完美笔记软件未果；Re:card的特点（极简、卡片式、自由组合、时间视图）；捕捉零碎想法的价值；数据安全。 可能的表达方式：介绍Re:card作为一款极简笔记应用，强调其卡片式设计、自由组合、多维度浏览功能以及数据安全措施。 再检查一下是否符合要求：不超过100字，直接描述内容。 本文介绍了作者开发的极简笔记应用「Re:card」的设计理念与功能特点。该应用采用卡片式设计与渐进式组织方式，支持用户自由记录零碎想法并自然建立关联。通过多种视图浏览与时间维度设计，帮助用户发现思维价值并沉淀灵感。同时注重数据安全与隐私保护。

In this Help Net Security interview, Andree Noel, Deputy CISO at City of Toronto, discusses how the municipality strengthens its cyber defense by embedding security into strategic objectives and digital governance. She outlines the City’s approach to addressing evolving threats and modernizing legacy systems. Noel also shares how data-driven metrics guide leadership in advancing municipal cyber resilience. How do you translate the City of Toronto’s strategic objectives into a cyber security risk framework? The City … More →

The post How the City of Toronto embeds security across governance and operations appeared first on Help Net Security.