ん – символ, который переписал правила кибербезопасности
Как обычная буква из японского алфавита превращает любой сайт в ловушку.
Aggregator
谷歌在上海办了场 AI 嘉年华,开发者们却说像逛「AI 基地」
4 months 2 weeks ago
在上海,重新定义「开发者大会」。
价值1.4 W人民币漏洞!骚!
4 months 2 weeks ago
Majority of Organizations Ship Vulnerable Code, Study Finds
4 months 2 weeks ago
A new Checkmarx study reveals that AI-generated code now accounts for over 60% of codebases in some companies, much of which contains known vulnerabilities
CVE-2025-8800 | Open5GS up to 2.7.5 AMF src/mme/esm-handler.c esm_handle_pdn_connectivity_request denial of service (Issue 3980 / EUVD-2025-24080)
4 months 2 weeks ago
A vulnerability was found in Open5GS up to 2.7.5. It has been rated as problematic. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2025-8800. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-7778 | Icons Factory Plugin up to 1.6.12 on WordPress delete_files authorization
4 months 2 weeks ago
A vulnerability has been found in Icons Factory Plugin up to 1.6.12 on WordPress and classified as critical. This vulnerability affects the function delete_files. The manipulation leads to missing authorization.
This vulnerability was named CVE-2025-7778. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-7650 | BizCalendar Web Plugin up to 1.1.0.50 on WordPress bizcalv file inclusion
4 months 2 weeks ago
A vulnerability was found in BizCalendar Web Plugin up to 1.1.0.50 on WordPress and classified as critical. This issue affects the function bizcalv. The manipulation leads to file inclusion.
The identification of this vulnerability is CVE-2025-7650. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-8905 | Inpersttion for Theme Plugin up to 1.0 on WordPress theme_section_shortcode code injection
4 months 2 weeks ago
A vulnerability was found in Inpersttion for Theme Plugin up to 1.0 on WordPress. It has been classified as critical. Affected is the function theme_section_shortcode. The manipulation leads to code injection.
This vulnerability is traded as CVE-2025-8905. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-8091 | EventON Lite Plugin up to 2.4.6 on WordPress Shortcode add_eventon information disclosure
4 months 2 weeks ago
A vulnerability was found in EventON Lite Plugin up to 2.4.6 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function add_eventon of the component Shortcode Handler. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2025-8091. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-7507 | elink Plugin up to 1.1.0 on WordPress input validation
4 months 2 weeks ago
A vulnerability was found in elink Plugin up to 1.1.0 on WordPress. It has been rated as critical. Affected by this issue is the function elink. The manipulation leads to improper input validation.
This vulnerability is handled as CVE-2025-7507. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-7662 | Gestion de tarifs Plugin up to 1.4 on WordPress Shortcode intitule sql injection
4 months 2 weeks ago
A vulnerability classified as critical has been found in Gestion de tarifs Plugin up to 1.4 on WordPress. This affects the function intitule of the component Shortcode Handler. The manipulation leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-7662. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-8080 | Alobaidi Captcha Plugin up to 1.0.3 on WordPress Setting cross site scripting
4 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Alobaidi Captcha Plugin up to 1.0.3 on WordPress. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-8080. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-8720 | Plugin README Parser Plugin up to 1.3.15 on WordPress target cross site scripting
4 months 2 weeks ago
A vulnerability has been found in Plugin README Parser Plugin up to 1.3.15 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument target leads to cross site scripting.
This vulnerability is known as CVE-2025-8720. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-5844 | Radius Blocks Plugin up to 2.2.1 on WordPress subHeadingTagName cross site scripting
4 months 2 weeks ago
A vulnerability was found in Radius Blocks Plugin up to 2.2.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument subHeadingTagName leads to cross site scripting.
This vulnerability is handled as CVE-2025-5844. The attack may be launched remotely. There is no exploit available.
vuldb.com
New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework
4 months 2 weeks ago
NIST has released a concept paper for new control overlays to secure AI systems, built on the SP…
Deeba Ahmed
AI Threats & Adaptive Authentication: How to Be Protected Against Deepfakes and Credential Attacks
4 months 2 weeks ago
Learn how adaptive authentication defends against deepfakes, credential attacks, and AI threats to keep your business secure.
The post AI Threats & Adaptive Authentication: How to Be Protected Against Deepfakes and Credential Attacks appeared first on Security Boulevard.
MojoAuth - Advanced Authentication & Identity Solutions
【CVE-2025-27388】OPPO健康APP存在Webview任意URL加载导致Token泄露风险的致谢公告
4 months 2 weeks ago
期待更多安全研究员积极参与申请CVE!
【7心协力】日程过半!6家SRC活动仍在火热进行中!
4 months 2 weeks ago
超多活动!超丰富礼品!一起庆祝7周年!
VirtualBox 7.2 Adds Windows 11/Arm VM Support and Key Bug Fixes
4 months 2 weeks ago
Oracle has released VirtualBox 7.2.0, a major update that significantly expands ARM virtualization capabilities and introduces comprehensive Windows 11/ARM support. Released on August 14, 2025, this update represents a substantial leap forward in cross-platform virtualization technology, addressing long-standing limitations and introducing experimental features that could reshape how users approach virtual machine deployment across different architectures. […]
The post VirtualBox 7.2 Adds Windows 11/Arm VM Support and Key Bug Fixes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
开源MTA搭建的邮件网关何谈安全?
4 months 2 weeks ago
HW 行动中,部分厂商因开源邮件网关组件漏洞沦陷,这一现象的背后,实则是开源 MTA 模块在技术根基上的诸多缺陷在实战中的集中暴露。
开源MTA的技术隐患:从架构缺陷到实战风险
国内邮件安全网关市场中,部分厂商因核心技术投入不足,产品能力分化明显,约70%邮件网关产品以 Postfix、Sendmail 等开源技术为根基,其功能扩展常走 “技术捷径”:实现反垃圾、病毒扫描等核心安全功能时,采用 “外部调用拼接式” 编程 —— 通过 Shell 脚本或命令行拼接调用外部安全引擎,而非原生 API 深度集成。这种开源改造存在三重硬伤:
1、效率损耗大:每封邮件处理需反复启动外部进程,高并发场景下 CPU 与内存占用激增,易成性能瓶颈。
2、安全攻击面扩大:命令行参数注入或转义不当,易被恶意邮件利用形成 Shell 注入风险。
3、稳定性和维护性差:进程间通信可靠性远低于原生库调用,错误链冗长难追踪。
根源在于研发模式不成熟。今年HW期间,多家机构网关产品即因开源 MTA 的内存管理缺陷、命令注入漏洞被攻破。更值得警惕的是,基于开源 MTA 搭建的网关,核心机制受制于人,难谈安全自主;且主流开源 MTA 多源自美国,不排除被植入后门的风险,一旦发生意外,可能导致信息泄露甚至系统失控。
CACTER自研破局:从底层重构邮件安全根基
CACTER邮件网关的破局关键,在于对 MTA核心组件实现 100% 自研,从协议处理到内存管理摆脱开源依赖,以此筑牢产品安全根基。
这一技术底气源自 26 年行业深耕经验与累计 63 项专利技术,始终以 “实战有效性”为导向—— 这正是CACTER在本次安全攻防中保持“零失陷”的核心秘诀。而除了这份自研硬实力外,CACTER的稳健表现,更离不开四大核心能力的坚实支撑:
26 年实战积累 从“被动防御” 到“主动适应”
邮件安全从不是 “闭门造车”,而是在借鉴与优化中动态应对实战挑战。26 年服务多行业的经验表明,稳定、适配、可迭代的方案,才是关键场景的坚实保障。
如今,AI 攻击推动邮件安全进入 “微秒级” 竞争时代。立足实战、融合优化的自研技术路线,已被证明是应对复杂威胁的可靠选择。26 年的经验积淀,硬核的产品实力,专业的服务团队,让CACTER在历次攻防中,交出让客户真正放心的答卷。
CACTER邮件安全