Aggregator

A vulnerability was found in WP Event Manager Plugin up to 3.1.43 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function events of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-2691. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Premium Portfolio Features for Phlox Theme up to 2.3.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Grid Portfolios. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-3587. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Apache Airflow up to 2.9.2 and classified as problematic. This issue affects some unknown processing of the component Provider Installation Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-39863. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Light Poll Plugin up to 1.0.0 on WordPress. This affects an unknown part of the component Answer Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-6720. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenable Identity Exposure 3.19/3.29/3.42 and classified as critical. Affected by this issue is some unknown functionality of the component Formula Handler. The manipulation leads to csv injection. This vulnerability is handled as CVE-2024-3232. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in rexml Gem up to 3.3.0 on Ruby and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to resource consumption. This vulnerability is known as CVE-2024-39908. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Анализ показал современные тенденции безопасности в интернете.

CISA released seven Industrial Control Systems (ICS) advisories on March 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-077-01 Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI)
• ICSA-25-077-02 Rockwell Automation Lifecycle Services with VMware
• ICSA-25-077-03 Schneider Electric EcoStruxure Power Automation System
• ICSA-25-077-04 Schneider Electric EcoStruxure Panel Server
• ICSA-25-077-05 Schneider Electric ASCO 5310/5350 Remote Annunciator
   
• ICSA-24-352-04 Schneider Electric Modicon (Update A)
• ICSA-24-291-03 Mitsubishi Electric CNC Series (Update B)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
• CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. This has been patched in v46.0.1. 

(Updated March 19, 2025) The compromise of tj-actions/changed-files was potentially enabled by a compromise of another GitHub Action, reviewdog/action-setup@v1 (tracked as CVE-2025-30154), which occurred around the same time. The following Actions may also be affected:  

• reviewdog/action-shellcheck 

• reviewdog/action-composite-template 

• reviewdog/action-staticcheck 

• reviewdog/action-ast-grep 

• reviewdog/action-typos 

(Updated March 26, 2025) CISA added CVE-2025-30066 and CVE-2025-30154 to its Known Exploited Vulnerabilities Catalog. 

CISA strongly urges users to implement the following recommendations to mitigate this compromise. If your organization is impacted:  

(Updated March 26, 2025) 

• Identify affected repositories. Conduct an audit to locate all projects using all versions of tj-actions/changed-files between 2025-03-12 00:00 UTC to 2025-03-15 12:00 UTC in your organization and/or the reviewdog/action between March 11, 2025, between 18:42 and 20:31 UTC.  

• Identify exposed secrets. For public repositories with workflows that ran the malicious commit, check for exposed access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. Note: Secrets may be obfuscated as a double-encoded base64 payload. 

• Rotate all identified secrets immediately as they should be considered compromised. 

• Update to latest version of reviewdog/action-setup@3f401fe and/or follow these instructions provided by GitHub.

Organizations should investigate and report incidents and malicious activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.  

See the following resources for more guidance to reduce risk when using third-party GitHub Actions: 

• GitHub: tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs  

• GitHub: Security hardening for GitHub Actions - GitHub Docs 

• GitHub: tj-actions/changed-files: :octocat: Github action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories 

• StepSecurity: Harden-Runner detection: tj-actions/changed-files action is compromised 

• Wiz: GitHub Action tj-actions/changed-files supply chain attack 

• (Updated March 19, 2025) GitHub: Multiple Reviewdog actions were compromised during a specific time period · CVE-2025-30154 · GitHub Advisory Database 

• (Updated March 26, 2025) Semgrep: Popular GitHub Action tj-actions/changed-files is compromised 

This alert is provided “as is” for informational purposes only. CISA does not provide any warranties of any kind regarding any information within. CISA does not endorse any commercial product, entity, or service referenced in this alert or otherwise. 

360与重庆高校深化产教融合，推动“校聘企用”先行

360与重庆高校深化产教融合，推动“校聘企用”先行

A vulnerability classified as problematic was found in Sytel Softdial Contact Center. This vulnerability affects unknown code. The manipulation leads to Cross site scripting. This vulnerability was named CVE-2025-2495. The attack can be initiated remotely. There is no exploit available.

Заброшенный бэкдор ANEL снова в деле, но его истинная роль остаётся загадкой.

A sophisticated cyberattack technique known as Browser-in-the-Middle (BitM) has emerged, enabling hackers to bypass multi-factor authentication (MFA) and steal user sessions in mere seconds. This method exploits web browser functionalities to hijack authenticated sessions, posing a significant threat to organizations relying on traditional security measures. BitM attacks mimic legitimate browsing experiences by routing victims through […]

The post New BitM Attack Lets Hackers Steal User Sessions Within Seconds appeared first on Cyber Security News.

Инновации, которые перевернут представление о безопасности в интернете.

CISA, in collaboration with the FBI and NSA, identified and attributed multiple attacks to Russian entities, emphasizing the risks posed by state-backed Advanced Persistent Threats (APTs).

The post “My Vas Pokhoronim!” appeared first on Security Boulevard.

Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office has warned earlier this month. “To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool. This might be a website claiming to convert one type of file to another, such as a .doc file to a .pdf file. It might also claim to … More →

The post FBI: Free file converter sites and tools deliver malware appeared first on Help Net Security.

Загадка столетней давности наконец разгадана.