Aggregator

A vulnerability, which was classified as critical, has been found in bslthemes isulu Theme on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to file inclusion. This vulnerability is handled as CVE-2025-48290. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in bslthemes kaffen Theme on WordPress. This affects an unknown part. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2025-48290. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in bslthemes Kinsley Theme on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-48290. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in bslthemes Ashley Theme on WordPress. Affected is an unknown function. The manipulation leads to file inclusion. This vulnerability is traded as CVE-2025-48290. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in bslthemes Builty Theme on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to file inclusion. This vulnerability is known as CVE-2025-48290. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

模糊的指纹：Web 应用程序指纹识别的性能提升 by ourren

更多最新文章，请访问SecWiki

十几年前上大学的时候经常混90sec，逛逛看雪，当时经常拿个破电脑扫sql漏洞，毕业了以后做牛马了这些东西就都放下了。以前全靠兴趣去玩这些，从脚本小子到crud boy，写过php，搞过golang，做过python，写过前端，只是再也没有以前的热情了。

偶尔回想起来，以前在90sec的岁月还是怀念啊，怀念以前的人和事，有遗憾有释怀，就是青春再也回不去了。。。。

6 个帖子 - 5 位参与者

阅读完整话题

A vulnerability was found in Maccms10 2025.1000.4047. It has been rated as critical. This issue affects some unknown processing of the component Email Setting Handler. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-45474. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in freescout-help-desk freescout up to 1.8.178. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-48472. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0. It has been classified as problematic. This affects an unknown part of the file /api/v4/teams/ of the component Team Privacy Setting Handler. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-3913. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in freescout-help-desk freescout up to 1.8.178 and classified as problematic. Affected by this issue is some unknown functionality of the component Conversation Handler. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-48473. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in freescout-help-desk freescout up to 1.8.177 and classified as problematic. Affected by this vulnerability is the function Set. The manipulation leads to deserialization. This vulnerability is known as CVE-2025-48389. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in freescout-help-desk freescout up to 1.8.178. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-48471. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in freescout-help-desk freescout up to 1.8.177. This issue affects the function file_exists of the file tools.php. The manipulation of the argument php_path leads to code injection. The identification of this vulnerability is CVE-2025-48390. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

中国于 5 月 29 日在西昌卫星发射中心用长征三号乙Y110运载火箭成功发射了行星探测工程天问二号探测器。天问二号任务长达十年，主要有两大目标：对小行星 2016HO3 进行伴飞、取样并返回地球；对主带彗星311P开展科学探测。小行星 2016HO3 在 2016 年由夏威夷望远镜首次发现，直径 40-100 米左右，被认为保留着太阳系诞生之初的原始信息。如果成功取样并送回地球，中国将继美国和日本之后成为完成小行星取样的第三个国家。天问二号预计在 2026 年 7 月飞到小行星附近，取样目标是收集至少 100 克岩石和尘埃，任务预计在 2027 年末完成，然后开始将样本送回地球分析。天问二号将尝试多种方式收集样本，其中一种方法是探测器靠近小行星表面，配合小行星自转，伸出机械臂采集样本。主带彗星311P 位于火星和木星轨道之间的小行星带，它既像小行星般沿固定轨道行进，又像彗星一样喷发尘埃，被称为“活跃的小行星”。

我们为安全建立的孤岛、特殊流程和神秘评分正在让软件变得更不安全。

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan

适用于 macOS + OrbStack/Docker 环境 1. 安装前准备 1.1 系统要求 1.2 环境验证 2. 初始安装步骤 2.1 创建项目目录 2 […]

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...]

Cybersecurity researchers have uncovered a sophisticated phishing campaign that leveraged the legitimate infrastructure of Nifty[.]com, a popular project management platform, to conduct targeted attacks against organizations worldwide. The campaign, which remained active for several months before detection, demonstrates an evolving trend where threat actors exploit trusted web services to bypass traditional security measures and establish […]

The post Threat Actors Abused Nifty[.]com Infrastructure for Sophisticated Phishing Attack appeared first on Cyber Security News.