Aggregator

截止投稿日期：9月10日

The ICO has decided not to fine the British Library for a 2023 ransomware breach

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold—one defined by alert fatigue and overwhelmed teams. According to OX

Автопроизводители сами решают, кого сдать.

Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a

Получается, смартфоны были лишь разминкой?

История от фишинга к федеральному делу.

Приватность — это новая роскошь.

The FBI has released details of 42,000 phishing domains associated with the LabHost operation, in order to help the security community

Думали, ваш пароль с именем Ana гениален? Что ж, вы не одни...

SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances. SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475, in its SMA100 Secure Mobile Access appliances. Below are the descriptions of the two flaws: “During further analysis, SonicWall and trusted security partners identified an […]

Чем умнее ИИ, тем легче ему подсунуть вам вирус.

The impact of the advancement in quantum computing on cybersecurity will be a key focus at this year’s Infosecurity Europe event

Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6. The financially-motivated group targeted organizations in the media, […]

A vulnerability was found in WP Maps Plugin up to 4.7.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-3504. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP Maps Plugin up to 4.7.1 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3503. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP Maps Plugin up to 4.7.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-3502. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Calculated Fields Form Plugin up to 5.2.61 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13381. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in libuv and Node.js up to nodejs_20.19.0+dfsg-1_i386.deb on Debian. Affected is an unknown function. The manipulation leads to reliance on machine-dependent data representation. This vulnerability is traded as CVE-2025-47153. It is possible to launch the attack remotely. There is no exploit available.