Aggregator

A vulnerability was found in WPLegalPages Plugin up to 2.9.2 on WordPress. It has been classified as problematic. This affects an unknown part of the component Shortcode Handler. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2023-4968. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Icegram Express Plugin up to 5.6.23 on WordPress. Affected by this issue is some unknown functionality. Such manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2023-5414. The attack can be launched remotely. No exploit exists.

A vulnerability was found in WPvivid Plugin up to 0.9.91 on WordPress. It has been declared as problematic. This issue affects some unknown processing of the component Google Drive Client Secret Handler. The manipulation results in information disclosure. This vulnerability is identified as CVE-2023-5576. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Sitekit Plugin up to 1.4 on WordPress. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. Executing a manipulation of the argument sitekit_iframe can lead to cross site scripting. The identification of this vulnerability is CVE-2023-5071. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as problematic has been detected in Coupon Creator Plugin up to 3.1 on WordPress. This issue affects the function save_meta. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2020-36751. It is possible to initiate the attack remotely. There is no exploit available.

Cloudflare’s global network has officially crossed 500 Tbps of external capacity, enough to route more than 20% of the web and absorb the largest DDoS attacks ever recorded.

A serious security flaw found inside a widely used Android library called EngageSDK has put over 30 million cryptocurrency wallet users at risk of financial theft and personal data exposure. The vulnerability, described as an intent redirection flaw, allowed malicious apps on the same device to break through Android’s built-in security sandbox and gain unauthorized […]

The post EngageSDK Vulnerability Exposes Millions of Crypto Wallet Users to Cyberattacks appeared first on Cyber Security News.

CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server

2026 年 4 月 7 日，Anthropic 联合 Apple、Google、Microsoft 等 45 家机构发布 Project Glasswing 计划，并宣布其尚未公开发行的前沿模型 Claude Mythos Preview 在所有主要操作系统和浏览器中发现了数千个…

A financially motivated threat group called Storm-2755 has launched a campaign that quietly reroutes employee salary payments to attacker-controlled bank accounts. Targeting Canadian workers, the group uses adversary-in-the-middle (AiTM) techniques to hijack authenticated sessions and bypass multi-factor authentication (MFA), in what researchers have labeled “payroll pirate” attacks.​ The campaign starts with SEO poisoning and malvertising. […]

The post Hackers Use AiTM Session Hijacking to Redirect Employee Salaries in New Storm-2755 Campaign appeared first on Cyber Security News.

Теперь ИИ будут выдавать только по паспорту.

A U.K. communications regulator, Ofcom, has said it will be cracking down on the spread of the images in the aftermath of the Grok scandal, which led to millions of “nudified” images of women and children to be circulated worldwide.

Drift officials said the operation began six months ago, when they were approached at a cryptocurrency conference by members of a company claiming to focus on quantitative trading.

Google has expanded its encryption capabilities in Gmail to mobile devices, enabling enterprise customers to transmit encrypted emails directly within the app on both Android and iOS. The update removes a limitation that previously restricted native encrypted email use on mobile devices. The rollout allows eligible users to compose and read encrypted messages natively, without..

The post Google Extends Gmail Encryption to Mobile, but Limits Access to Enterprise Tier appeared first on Security Boulevard.

France has taken a decisive step toward digital sovereignty, announcing plans to migrate government workstations from Microsoft Windows to Linux. The move was formally declared during an interministerial seminar held on April 8, 2026, organized by the Interministerial Directorate for Digital Affairs (DINUM), the National Cybersecurity Agency of France (ANSSI), the Directorate General for Enterprises […]

The post France to Replace Windows with Linux on Government Desktops appeared first on Cyber Security News.

Квантовая эра рассудит.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Electric Vehicles’ appeared first on Security Boulevard.

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware.

加州戴维斯的科学家在 2022-2024 年的企鹅繁殖季期间给生活在阿根廷 Patagonian 海岸的 54 只麦哲伦企鹅的脚套上硅胶被动取样器，收集企鹅在数天活动期间内接触的水、空气和表面化学物质的样本。采样器回收后送往纽约州立大学布法罗进行检测。检测结果显示，即使在偏远地区，逾九成样本都检测到了 PFAS，PFAS 代表全氟烷基和多氟烷基物质，因为不会自然分解它被称为“永久留存的化学品”。

Инструмент собрал 34 тысячи звезд за три дня. В чем подвох?