Aggregator

A vulnerability classified as critical has been found in Migration, Backup, Staging Plugin up to 0.9.116 on WordPress. This affects the function wpvivid_upload_import_files. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-5961. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in JKDEVKIT Plugin up to 1.9.4 on WordPress. It has been rated as problematic. Affected by this issue is the function font_upload_handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-2932. The attack may be launched remotely. There is no exploit available.

In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also shares tips on working with engineering teams and how automation helps in DevSecOps. In a heavily regulated industry like healthcare, what specific challenges do CISOs encounter when integrating security into DevOps workflows? In healthcare, … More →

The post Healthcare CISOs must secure more than what’s regulated appeared first on Help Net Security.

在数字经济高速发展的今天，互联网行业的安全需求正在发生深刻变革。随着业务形态向云端迁移、数据要素价值凸显、新型交互模式涌现，行业面临着APT攻击精准化、数据泄露规模化、业务欺诈智能化等新型威胁。安全防护的重心已从基础设施保护，转向数据资产全生命周期管理和业务风险动态管控。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，互联网行业安全建设呈现新趋势。防护理念升级：从单点防御到构建覆盖研发、运营、风控的全流程安全体系，实现安全能力与业务发展的同步规划。技术架构演进：云原生安全、隐私增强计算、智能风控引擎等技术正在重塑互联网安全防护体系。运营模式创新：自动化安全运维、威胁情报共享、红蓝对抗常态化等实践显著提升安全运营效率。 基于这些发现，我们将重点展示几个具有代表性的互联网行业优秀安全解决方案，为互联网行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编 2025中国网络安全「能源行业」优秀解决方案汇编 2025中国网络安全「制造行业」优秀解决方案汇编 2025中国网络安全「电力（水利）行业」优秀解决方案汇编

当前环境出现异常状态，需完成验证操作后方能继续访问服务。

在 GPLv3 发布 18 年、GPLv2 发布 34 年之际，已经停滞很久的 Copyleft-next 项目宣布重新启动。该项目旨在开发下一代 Copyleft 许可证。项目发起人表示 FOSS 需要新方法强化 copyleft。Richard Fontana 和 Bradley Kuhn 担任项目的联合主编，他们都参与过 Drafting Committees of GPLv3，从中汲取了很多教训，Software Freedom Conservancy(SFC)将为该项目提供资源并托管该项目。

СICADA8 запускает платформу нового поколения для контроля безопасности компонентов разработки.

Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts pressure on the hospitality sector to keep that information safe and private. Cybersecurity challenges in the hospitality industry The industry itself is booming. The hotel segment alone is expected to reach a new peak of $511.91 billion in 2029. It’s no surprise that cybercriminals are taking notice. The growing financial impact … More →

The post Cyberattacks are draining millions from the hospitality industry appeared first on Help Net Security.

Маленькое обновление, за которым скрывается большой сдвиг.

uAVD是一款新发布的软件，能够解调AM（如NTSC、PAL、SECAM）、FM（如FPV无人机视频链路）和RAW（如VHS或游戏机输出）信号。它通过uSDR软件接收IQ信号，并支持多种设备（如RTL-SDR和FobosSDR）。目前仅支持灰度模式，但宽频设备可实现彩色显示。软件免费提供，但不开源。

无影(TscanPlus)，抽奖、分享获取POC 扫描 license

作者分享了自己在网络安全领域的学习旅程，从OSI模型到TCP/IP协议、子网划分和DNS解析等基础知识，并鼓励读者跟随他的学习过程。

文章描述了在基于GraphQL的用户管理系统中发现的CSRF漏洞。由于GraphQL端点配置为接受application/x-www-form-urlencoded内容类型，浏览器会自动附加cookie到外部网站发起的请求中，从而引发潜在安全风险。

文章描述了GraphQL用户管理系统中的CSRF漏洞。该漏洞源于GraphQL端点接受application/x-www-form-urlencoded内容类型，导致浏览器自动附加cookie，从而可能引发CSRF攻击。

文章介绍了文件上传漏洞的概念及其易被忽视的安全风险。通过解释文件类型、扩展名及其作用，强调了正确处理文件上传的重要性。

作者在咖啡店使用SaaS平台发现了一个安全漏洞。通过利用内置脚本语言中的函数从外部URL获取数据，并尝试SSRF（服务器端请求伪造），最终成功提取了Azure云平台的访问令牌。这使他获得了对服务器及其云资源的完全控制权。

作者通过探索SaaS平台内置文件编辑器发现SSRF漏洞，利用外部数据函数获取云元数据和访问令牌，最终实现对服务器的全面控制。

80% of AI tools used by employees go unmanaged by IT or security teams, according to Zluri’s The State of AI in the Workplace 2025 report. AI is popping up all over the workplace, often without anyone noticing. If you’re a CISO, if you want to avoid blind spots and data risks, you need to know where AI is showing up and what it’s doing across the entire organization. What’s happening and why it matters … More →

The post AI tools are everywhere, and most are off your radar appeared first on Help Net Security.

A CVSS score 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L severity vulnerability discovered by 'Guy Lederfein of Trend Research' was reported to the affected vendor on: 2025-07-03, 73 days ago. The vendor is given until 2025-10-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.