Aggregator

A vulnerability was found in Post Slider and Post Carousel with Post Vertical Scrolling Widget Plugin up to 3.2.9 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-4567. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Newsletter Plugin up to 8.8.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-3584. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Кажется, Microsoft — единственная, кому не всё равно, что у тебя в порту.

Hewlett-Packard Enterprise (HPE) has issued a critical security bulletin (HPESBST04847 rev. 1) warning users of multiple high-impact vulnerabilities in its StoreOnce Software, specifically affecting versions before 4.3.11. The vulnerabilities, if exploited, could allow attackers to bypass authentication, execute arbitrary code remotely, perform server-side request forgery (SSRF), delete files, and access sensitive information via directory traversal. […]

The post Critical HPE StoreOnce Flaws Allow Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Логов почти нет, а ущерб уже начинает напоминать дивиденды.

Currently trending CVE - Hype Score: 3 - A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, ...

Currently trending CVE - Hype Score: 3 - Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a ...

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. This vulnerability is known as CVE-2025-5513. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-5512. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-5511. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. This vulnerability was named CVE-2025-5510. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. This vulnerability is uniquely identified as CVE-2025-5509. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables. He explains how cybercrime is becoming more accessible and fragmented. Lyne also talks about key trends, recent disruptions, and collaboration between law enforcement and the private sector. What are the most concerning trends you’re seeing in cybercriminal behaviour today? Cybercrime is a constantly evolving threat, which is supported and enabled by … More →

The post How global collaboration is hitting cybercriminals where it hurts appeared first on Help Net Security.

Польские эксперты раскрыли критические дыры в популярных смартфонах.

快速浏览！2025.6.26—6.1安全动态周回顾。

Cetus Protocol的总交易量为570亿美元（截至2025年5月），超过1500万个账户在平台上执行了1.44亿笔交易。

中国各大城市出现了一种新的商业模式：向失业者收费，租用办公桌假装工作，以应对青年失业率上升带来的社会压力。假装上班公司招聘帖文案几乎是同一个模板：“如果你失业了，想瞒住家里人，可以来我这里假装上班。这边能提供工位，你可以在这里玩手机，我会定期巡视，让你有上班摸鱼的快感。我会假装给你布置工作，你可以用任何理由拒绝，并把方案摔在我的办公桌上。一天只需要××元，‘早10晚5’不用打卡，就算我求你加班，你也能头也不回地走掉。”这类公司收费 30—60 元/天，工作环境看起来和普通白领上班的公司无异，提供 Wi-Fi、饮用水、电脑、空调，有些还能包一顿午饭，如果是空间大一点的公司，“应聘者”甚至能加钱解锁在公司“加班通宵”的体验。根据国家统计局的数据，2025 年 3 月，16-24 岁青年的失业率为 16.5%，一季度城镇失业率为 5.3%。

Submit #584492 / VDB-310927

Submit #584491 / VDB-310926