Aggregator

A vulnerability was found in LoftOcean CozyStay Plugin up to 1.7.0 on WordPress and classified as problematic. Affected by this issue is the function ajax_handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-13412. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in LoftOcean CozyStay Plugin and TinySalt Plugin up to 1.7.0 on WordPress and classified as critical. Affected by this vulnerability is the function ajax_handler. The manipulation leads to deserialization. This vulnerability is known as CVE-2024-13410. The attack can be launched remotely. There is no exploit available.

美国国家标准与技术研究院（NIST）已经新增了第五种算法——HQC，作为其面向后量子计算时代的密码算法储备。

美国国家标准与技术研究院（NIST）已经新增了第五种算法——HQC，作为其面向后量子计算时代的密码算法储备。

A vulnerability, which was classified as problematic, has been found in PecanProject pecan 1.7.2. Affected by this issue is some unknown functionality. The manipulation of the argument hostname/sitegroupid/lat/lon/sitename leads to cross site scripting. This vulnerability is handled as CVE-2024-57348. The attack may be launched remotely. There is no exploit available.

Google превращает Gemini в полноценную творческую лабораторию с новыми функциями.

研究人员利用“沉浸式世界”技术越狱顶级LLM，成功打造完全可用的Google Chrome信息窃取工具。

A vulnerability, which was classified as problematic, was found in smub Feeds for YouTube Plugin up to 2.2.1 on WordPress. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-6256. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in smub Feeds for YouTube Plugin up to 2.2.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6256. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Schneider Electric FoxRTU Station. This affects an unknown part of the component Project File Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-2602. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Schneider Electric Modicon Controllers M241, Modicon Controllers M251, Modicon Controllers M258, Modicon Controllers LMC058 and Modicon Controllers M262 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-6528. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in gaizhenbiao chuanhuchatgpt up to 20240410. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6035. The attack can be launched remotely. There is no exploit available.

Google 宣布以 320 亿美元现金收购以色列云安全公司 Wiz。如果获得监管部门批准完成收购，它将成为 Google 云端业务部门的一部。这不是 Google 第一次尝试收购 Wiz。去年 Google 提议以 230 亿美元收购 Wiz 的谈判因对方担心监管问题而破裂，特朗普政府被认为比拜登政府在企业合并上更友好。Google 表示，Wiz 的产品将会继续提供给主要云平台，包括其竞争对手 Amazon Web Services、Microsoft Azure 和 Oracle Cloud。Google 也警告，这笔收购也可能会被特朗普政府阻止，如果收购失败，Google 将向 Wiz 支付 32 亿美元的分手费，这笔分手费占到总金额的十分之一。

Nederland wil een bijdrage leveren aan veiligheid en stabiliteit in de Indo-Pacific. “Bij alle geopolitieke grimmigheid is het belangrijk de banden met ‘ongebonden’ India te versterken. Stabiliteit in de Indo-Pacific is verweven met onze handel en veiligheid.” Dat was de boodschap van minister van Defensie Ruben Brekelmans tijdens de Raisina Dialogue 2025 in India. Dit is een van de belangrijkste geopolitieke conferenties in de regio Azië en Oceanië. Brekelmans was er de afgelopen dagen.

A sophisticated cyberattack has been uncovered, targeting booking websites to spread the LummaStealer malware. This campaign leverages fake CAPTCHA prompts and social engineering techniques to deceive users into executing malicious commands on their systems. LummaStealer, an info-stealer malware operating under a Malware-as-a-Service (MaaS) model, has been gaining attention for its versatility and global reach. Infection […]

The post Advanced Cyber Attack Exploits Booking Websites to Deploy LummaStealer Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google объяснила, почему Linux-VM теперь есть в Pixel.

Overview Recently, NSFOCUS CERT detected that Microsoft released a security announcement and fixed the spoofing vulnerability of Windows File Explorer (CVE-2025-24071), with a CVSS score of 7.5. Due to the implicit trust and automatic file parsing behavior of .library-ms files by Windows Explorer, unauthenticated attackers can save files by constructing RAR/ZIP with an embedded malicious […]

The post Windows File Explorer Spoofing Vulnerability (CVE-2025-24071) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Windows File Explorer Spoofing Vulnerability (CVE-2025-24071) appeared first on Security Boulevard.

Pebble 创始人 Eric Migicovsky 宣布推出两款运行 PebbleOS 的智能手表产品。他创办的 Pebble 公司被出售给 Fitbit 后关闭，而 Google 收购 Fitbit 后获得了 Pebble 的所有权。今年 1 月Google 宣布在 Apache License 2.0 下开源 Pebble 智能手表操作系统，而 Migicovsky 同一时间宣布将推出运行开源 PebbleOS 的新产品。两款新产品分别是：Core 2 Duo，售价 149 美元，今年 7 月上市；Core Time 2，售价 225 美元，12 月上市。因为新产品运行的是 PebbleOS，兼容于原来为 PebbleOS 开发的应用，因此能在新产品上使用的应用以及表盘数量将超过 1 万。Core 2 Duo 配备了 1.26 英寸的电子纸显示屏，电池使用时间将长达 30 天；Core Time 2 配备了更大的 1.5 英寸 64 色电子纸显示屏，电池使用时间 30 天（预估）。两款产品目前开放预购。

A critical vulnerability affecting Synology’s DiskStation Manager (DSM) has been disclosed, allowing remote attackers to execute arbitrary code on vulnerable systems. This severe issue, identified as CVE-2024-10441, has been reported in multiple DSM versions, including DSM 6.2, 7.1, 7.2, and 7.2.1, as well as Synology Unified Controller (DSMUC) version 3.1. The vulnerability is classified as […]

The post Critical Synology Vulnerability Allows Remote Attackers to Execute Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Rules File Backdoor компрометирует цепочки поставок без единого следа вторжения.