Aggregator

JoySafety: 大模型安全框架 by ourren

更多最新文章，请访问SecWiki

Defensie mag sterk groeien op bestaande locaties op de Utrechtse Heuvelrug tussen Amersfoort en Zeist. Die ruimte ontstaat voor een belangrijk deel door bestaande terreinen beter te benutten, intensiever te gebruiken en het vastgoed te clusteren en te vernieuwen. Tegelijk worden natuur en landschap beschermd en versterkt.  Vandaag ondertekende staatssecretaris van Defensie Gijs Tuinman een bestuurlijk akkoord en samenwerkingsovereenkomsten voor deelgebieden.

Yuh-Jye Lee, a senior adviser at Taiwan’s National Security Council, delivered a stark warning about China’s intentions to use cyberspace in new and more aggressive ways.

В Гааге выступили против передачи контроля над системой DigiD под юрисдикцию американского права.

A vulnerability labeled as problematic has been found in WP Last Modified Info Plugin up to 1.9.5 on WordPress. This affects the function bulk_save. Such manipulation of the argument post_ids leads to improper control of resource identifiers. This vulnerability is listed as CVE-2025-14608. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in Easy Form Builder Plugin up to 3.9.3 on WordPress. Affected by this issue is some unknown functionality. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-14067. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in StickEasy Protected Contact Form Plugin up to 1.0.1/1.0.2 on WordPress. Affected by this vulnerability is an unknown functionality of the file wp-content/uploads/stickeasy-protected-contact-form/spcf-log.txt. The manipulation results in information disclosure. This vulnerability is identified as CVE-2025-13973. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in BFG Tools Plugin up to 1.0.7 on WordPress. It has been rated as critical. Affected is the function zip of the file /wp-content/plugins/. The manipulation of the argument first_file leads to path traversal. This vulnerability is referenced as CVE-2025-13681. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Santesoft Sante DICOM Viewer Pro 14.2.0. It has been declared as critical. This impacts an unknown function of the component DCM File Parser. Executing a manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2026-2034. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MLflow. It has been classified as critical. This affects an unknown function of the component Artifact Handler. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-2033. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in HP App on Android and classified as problematic. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-1578. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Kanboard up to 1.2.49 and classified as problematic. The affected element is the function TaskCreationController::duplicateProjects of the component Incomplete Fix CVE-2023-33968. This manipulation causes missing authorization. This vulnerability is handled as CVE-2026-25531. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]

Шах и мат, литий-ионные батареи!

Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. [...]