Aggregator

再获权威认证！

Обнаружен первый случай использования инфраструктуры Microsoft Teams для сокрытия управления вредоносным ПО.

Arch Linux官方建议用户仅信任更新频繁且有活跃社区维护的项目，并查阅受影响软件包列表及入侵指标。

速修复

速修复

Barracuda Networks has unveiled Barracuda Integrated Email Protection, an Integrated Cloud Email Security (ICES) solution delivering protection against evolving AI-driven threats. Powered by AI, the solution continuously and autonomously detects and remediates threats across the attack lifecycle, explains Microsoft 365 and Google Workspace verdicts and enables rapid post-delivery message clawback. Built on BarracudaONE platform telemetry across domains, including email, identity, network, data, and applications, and designed for single and multitenant environments, it also enables MSPs … More →

The post Barracuda introduces AI-powered email security with automated threat response appeared first on Help Net Security.

A vulnerability classified as problematic has been found in Cotonti 1.0.0. This issue affects the function cot_check_xg of the file /pfs/inc/pfs. Performing a manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2026-55745. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability described as problematic has been identified in Cotonti 1.0.0. This vulnerability affects the function htmlspecialchars of the file modules/pfs/inc/pfs.main. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-55746. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability marked as critical has been reported in MagicForm Plugin up to 0.1.3 on WordPress. This affects an unknown part of the component PHP File Handler. This manipulation causes unrestricted upload. This vulnerability is tracked as CVE-2026-9815. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in Google Android 14/16. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation results in denial of service. This vulnerability is identified as CVE-2026-28573. The attack is only possible with local access. There is not any exploit available.

A vulnerability identified as problematic has been detected in blubrry PowerPress Podcasting plugin by Blubrry up to 11.16.8 on WordPress. Affected by this vulnerability is the function update_post_meta. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-12098. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as critical has been discovered in mariovalney CF7 to Webhook Plugin up to 5.0.0 on WordPress. Affected is an unknown function of the component Placeholder Handler. Executing a manipulation can lead to server-side request forgery. The identification of this vulnerability is CVE-2026-11395. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in phppoet SysBasics Customize My Account for WooCommerce Plugin up to 4.3.6 on WordPress. It has been rated as problematic. This impacts the function plugin_options_page of the component Admin Dashboard Page. Performing a manipulation of the argument tab results in cross site scripting. This vulnerability was named CVE-2026-12137. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in phppoet SysBasics Customize My Account for WooCommerce Plugin up to 4.3.6 on WordPress. It has been declared as problematic. This affects the function wcmamtx_get_avatar_default of the component Shortcode Handler. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-12136. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Cotonti 1.0.0. It has been classified as problematic. The impacted element is the function cot_config_update_options of the file /admin/admin. This manipulation of the argument x causes cross-site request forgery. This vulnerability is handled as CVE-2026-55741. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in codepeople Appointment Booking Calendar Plugin up to 1.4.01 on WordPress and classified as problematic. The affected element is the function cpabc_appointments_calendar_load2 of the component Query Parameter Handler. The manipulation of the argument ID results in information disclosure. This vulnerability is known as CVE-2026-12111. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in stiofansisland UsersWP Plugin up to 1.2.63 on WordPress and classified as problematic. Impacted is an unknown function of the component User Registration Handler. The manipulation of the argument user_id leads to authorization bypass. This vulnerability is traded as CVE-2026-12102. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Cotonti 1.0.0. This issue affects the function cot_check_xg of the file modules/pfs/inc/pfs.main. Executing a manipulation can lead to cross-site request forgery. This vulnerability appears as CVE-2026-55744. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability, which was classified as problematic, has been found in Cotonti 1.0.0. This vulnerability affects the function cot_check_xg of the file /admin/admin. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2026-55742. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

42Crunch has announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuously audit, test, remediate and validate API security vulnerabilities directly within AI-assisted development workflows. Organizations are struggling to secure their growing API landscape in the face of increasing attacks, with AI’s heavy reliance on APIs compounding this problem. Consequently, one of the key areas of attention for security and engineering teams is the security … More →

The post New 42Crunch plugin helps developers find and fix API vulnerabilities in GitHub Copilot appeared first on Help Net Security.