Aggregator

A vulnerability categorized as critical has been discovered in Auto Featured Image Plugin up to 4.1.7 on WordPress. This vulnerability affects the function upload_to_library. Such manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-10145. The attack can be launched remotely. No exploit exists.

Новый подход к операциям на спине даёт врачам данные о заживлении прямо из организма. И никаких батареек.

Operant AI’s security research team has uncovered Shadow Escape, a dangerous zero-click attack that exploits the Model Context Protocol to steal sensitive data through AI assistants. The attack works with widely used platforms, including ChatGPT, Claude, Gemini, and other AI agents that rely on MCP connections to access organisational systems. Unlike traditional security breaches requiring […]

The post Zero-Click Exploit Targets MCP and Linked AI Agents to Stealthily Steal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The New Reality for Lean Security Teams If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, and constant

A vulnerability was found in JDownloads Component up to 4.0.47 on Joomla. It has been classified as problematic. This vulnerability affects unknown code. This manipulation causes cross-site request forgery. This vulnerability appears as CVE-2025-55758. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Softing Industrial Automation smartLink HW-PN and smartLink HW-DP and classified as problematic. This affects an unknown part of the component Webserver. The manipulation results in deadlock. This vulnerability is reported as CVE-2025-10150. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in CCN-CERT microCLAUDIA up to 3.2.2 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to missing authentication. This vulnerability is documented as CVE-2025-41090. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Softing Industrial Automation smartLink HW-PN and smartLink HW-DP. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to improper locking. This vulnerability is registered as CVE-2025-10151. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.51/6.16.11/6.17.1. Affected is the function dbitmap_grow. Performing manipulation results in double free. This vulnerability is cataloged as CVE-2025-40028. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.17.1. This impacts the function f2fs_truncate_hole of the file fs/f2fs/file.c. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2025-40025. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.17.1. This affects the function p9_read_work of the component KASAN. This manipulation causes race condition. This vulnerability is tracked as CVE-2025-40027. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17.1. The impacted element is the function complete_emulated_io of the component KVM. The manipulation results in permission issues. This vulnerability is identified as CVE-2025-40026. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

Svenska kraftnät, Sweden’s primary electricity transmission system operator, has confirmed a significant data breach on October 26, 2025. The incident has drawn attention from cybersecurity experts and government authorities as it involves critical infrastructure responsible for managing the nation’s power distribution network. The Swedish power grid operator publicly acknowledged the security incident, revealing that attackers […]

The post Swedish Power Grid Operator Confirms Data Breach Following Everest Ransomware Gang Claim appeared first on Cyber Security News.

360预警：路由器DNS劫持攻击持续高发，政企需及时加固

企业级智能体落地的中国方案

唯一双料获奖，360AI+安全实力再获权威认可

锦行科技凭借“基于智能协同演化技术的攻防演练平台研发及产业化项目”，在145个申报项目中脱颖而出，成为最终入选的49个项目之一。

锦行科技成功通过2025年专精特新“小巨人”企业复核，正式延续国家级专精特新“小巨人”企业荣誉称号！

Mass exploitation attacks are once again targeting WordPress websites, this time through serious vulnerabilities in two popular plugins,…