Aggregator

A vulnerability was found in evigeo WP Filter & Combine RSS Feeds Plugin up to 0.4 on WordPress. It has been classified as problematic. This issue affects the function post_listing_page. This manipulation causes missing authorization. This vulnerability appears as CVE-2025-7828. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in wcplus WC Plus Plugin up to 1.2.0 on WordPress and classified as problematic. This vulnerability affects the function pluswc_logo_favicon_logo_base. The manipulation results in missing authorization. This vulnerability is reported as CVE-2025-7821. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in anzia Ni WooCommerce Customer Product Report Plugin up to 1.2.4 on WordPress and classified as problematic. This affects the function ni_woocpr_action of the component Setting Handler. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-7827. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in simplercheckout Simpler Checkout Plugin up to 1.1.9 on WordPress. Affected by this issue is the function simplerwc_woocommerce_order_created. Executing manipulation can lead to authentication bypass using alternate channel. This vulnerability is registered as CVE-2025-7642. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in wptobe-memberships Plugin up to 3.4.2 on WordPress. Affected by this vulnerability is the function del_img_ajax_call. Performing manipulation results in file inclusion. This vulnerability is cataloged as CVE-2025-9048. It is possible to initiate the attack remotely. There is no exploit available.

Cybersecurity researchers are calling attention to multiple campaigns that are taking advantage of known security vulnerabilities and exposed Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure. The first set of attacks entails the exploitation of CVE-2024-36401 (CVSS score: 9.8),

文章指出多个网络安全威胁：研究人员发现针对暴露Redis服务器的攻击活动增加，包括将其用于物联网僵尸网络、代理服务器或加密货币挖矿。这些攻击利用已知安全漏洞如CVE-2024-36401，并结合恶意软件如gayfemboy和PolarEdge僵尸网络展开长期隐蔽性资源窃取和收入生成活动。

文章介绍了作者开发的BotHorn机器人及其功能扩展。该机器人通过整合Subreddit和Telegram群组，在每天固定时间提取并总结Subreddit中的新讨论，并发送到Telegram群组。作者使用Reddit API和OAuth认证来实现数据获取，并将脚本托管在PythonAnywhere平台上自动运行。代码开源，可供他人参考和改进。

Atomic macOS Stealer的变种SHAMOS通过恶意广告在2025年6月至8月期间攻击了300多个实体。该恶意软件通过虚假macOS帮助网站诱骗用户执行恶意安装命令，窃取密码、浏览器数据和加密货币钱包信息。

Over 300 entities hit by the Atomic macOS Stealer via malvertising campaign between June and August, CrowdStrike warns. From June and August, over 300 entities were hit by a variant of the Atomic macOS Stealer (AMOS) called SHAMOS, reports CrowdStrike. The Atomic macOS Stealer lets operators steal diverse information from infected machines. This includes Keychain […]

Stolen DaVita Data Leaked on Dark Web by Ransomware Gang Interlock
Months after cybercriminal gang Interlock claimed to have stolen more than 1.5 terabytes of patient data from kidney dialysis chain DaVita, the company told federal regulators that the cyberattack first disclosed in April has affected nearly 2.7 million people.

Second Cyber IPO Filing of 2025, Netskope Shows Huge Reliance on Channel Partners
Netskope became the second cybersecurity company to pursue an initial public offering this year, revealing increased sales, improved losses and a heavy reliance on channel partners. Nearly 95% of its $328.5 million in revenue in the first half of fiscal year 2025 flowed through indirect channels.

Threat Actors Accessed, Stole Data for About 2 Months; BianLian Claims Credit
A health system in rural Michigan is notifying nearly 140,000 people that their information was potentially compromised in a data theft incident occurring between November 2024 and January 2025. Cybercriminal gang BianLian lists Aspire Rural Health System as a victim on its dark website.

US Cyber Defense Agency Pushes for Automation and Machine-Readable Data in SBOMs
The Cybersecurity and Infrastructure Security Agency released a draft update to its Software Bill of Materials minimum elements guidance, adding components to push SBOMs toward automated, operational use in supply chain risk tracking - while also addressing gaps in standardization and visibility.

Маск зарегистрировал товарный знак Macrohard и бросает вызов гигантам IT-индустрии.

A vulnerability was found in AOMEI Cyber Backup. It has been classified as critical. This affects an unknown part. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-8611. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability identified as critical has been detected in Frappe up to 14.96.14/15.74.1. The impacted element is an unknown function of the component Request Handler. This manipulation causes sql injection. This vulnerability appears as CVE-2025-55731. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Frappe up to 14.96.14/15.74.1. This affects an unknown function. Such manipulation leads to sql injection. This vulnerability is traded as CVE-2025-55732. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability categorized as problematic has been discovered in Adobe Experience Manager up to 6.5.22. Affected by this issue is some unknown functionality. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-47054. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.