Aggregator

Блокировка мессенджеров разогнала голосовой трафик.

A vulnerability, which was classified as critical, has been found in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The identification of this vulnerability is CVE-2025-9022. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #629773 / VDB-320089

Global staffing and workforce solutions firm Manpower reports a January RansomHub ransomware attack that compromised data of 140,000 individuals. Manpower in Lansing, Michigan, reported that the ransomware attack that disrupted its systems on January 20, 2025, resulted in a breach that impacted 144,180 individuals. The company launched an investigation into the incident with the help […]

Manpower遭遇RansomHub勒索软件攻击，导致144,180人数据泄露。攻击发生在2025年1月，入侵时间是之前的一个多月。泄露数据包括身份证、SSN等敏感信息。公司已通知FBI，并提供信用监控服务。

A vulnerability classified as critical was found in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. This vulnerability was named CVE-2025-9021. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #629696 / VDB-320088

Submit #629692 / VDB-320088

Submit #631862 / VDB-320087

Submit #631861 / VDB-320086

A vulnerability classified as problematic has been found in Injection Guard Plugin up to 1.2.7 on WordPress. This affects an unknown part. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8046. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP Shopify Plugin up to 1.5.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-7808. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Quiz and Survey Master Plugin up to 10.2.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-6790. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Structured Content wpsc Plugin up to 1.6.x on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-3414. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Zelle Provider Allowed $1 Billion of Fraudulent Transactions, Prosecutors Say
The state of New York is suing the privately held fintech company behind the Zelle money transfer system in a complaint that alleges years of poor cybersecurity and protections against fraud. The New York complaint targets Early Warning Services, the company behind the money transfer app.

Congress Pressed to Fund Federal Court System Cyber Upgrades Amid Escalating Risks
A breach of the U.S. national court filing system intensified concerns over the federal judiciary's cybersecurity, with critics urging reforms and congressional funding to close gaps that could expose sealed cases, confidential informants and other sensitive information.

HHS Says New FAQs Support HHS' 'Make Health IT Great Again' Interoperability Effort
Federal regulators issued updated HIPAA privacy rule guidance that aims to clarify when patients' protected health information can be shared with value-based care organizations, and also the types of health records that patients have a right to access upon request. Does it cover any new ground?

Majority of Attacks Target Operational Technology Networks
Exploitation attempts against a severe vulnerability in a runtime system widely deployed in operational technology environments spiked globally in the days after open-source maintainers of the Erlang/OTP project published a patch. Attackers could take full control of systems.

挪威反情报机构负责人 Beate Gangaas 周三表示，俄罗斯黑客今年四月七日短暂控制了一座位于 Bremanger 的水坝，打开了泄洪闸，四个小时后攻击被发现而停止。挪威大部分电力来自水电，情报部门此前曾警告其能源基础设施可能遭受攻击。Gangaas 说，此类攻击的目的是影响民众，在民众中制造恐惧和混乱，我们的俄罗斯邻居变得更危险了。俄罗斯驻奥斯陆大使馆表示，她的声明毫无根据并带有政治动机。