Aggregator

A vulnerability classified as problematic was found in Countdown Timer for Elementor Plugin up to 1.3.9 on WordPress. The affected element is an unknown function. Such manipulation of the argument countdown_label leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8445. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses Plugin up to 10.20 on WordPress and classified as critical. This impacts an unknown function. The manipulation leads to missing authorization. This vulnerability is referenced as CVE-2025-8492. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in WP Easy FAQs Plugin up to 1.0.5 on WordPress. It has been classified as problematic. Affected by this vulnerability is the function WP_EASY_FAQ of the component Shortcode Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-8686. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Digital Events Calendar Plugin up to 1.0.8 on WordPress. It has been declared as problematic. Affected by this issue is some unknown functionality. Such manipulation of the argument column leads to cross site scripting. This vulnerability is listed as CVE-2025-5801. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Jobify Plugin up to 1.4.4 on WordPress. It has been rated as problematic. This affects an unknown part. Performing manipulation of the argument keyword results in cross site scripting. This vulnerability is cataloged as CVE-2025-8318. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability identified as critical has been detected in BeyondCart Connector Plugin up to 1.4.2/2.1.0 on WordPress. This issue affects the function determine_current_user of the component Configuration Handler. The manipulation leads to hard-coded credentials. This vulnerability is documented as CVE-2025-8570. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Responsive Addons for Elementor Plugin up to 1.7.4 on WordPress. Impacted is an unknown function of the component Widget. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-8215. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in azurecurve BBCode Plugin up to 2.0.4 on WordPress. Affected is the function url of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8398. The attack is possible to be carried out remotely. No exploit exists.

甲骨文股价创下 1992 年以来最佳单日表现，股价飙升 36% 至 328 美元，市值增加 2440 亿美元接近一万亿美元大关。股价的上涨受益于 AI 驱动的云计算需求激增。股价飙升也使得公司创始人埃里森（Larry Ellison）的财富增加了 1000 亿美元，超过马斯克（Elon Musk）成为新的世界首富。

Microsoft has issued a warning about two flaws in Windows BitLocker that could allow a local attacker—or malware

The post Critical BitLocker Flaws Allow Privilege Escalation: Patch Now appeared first on Penetration Testing Tools.

Millions of individuals and organizations entrust Google Drive with the storage of contracts, reports, photographs, and work documents,

The post Critical Google Drive Flaw Exposes All Your Files on Shared Computers appeared first on Penetration Testing Tools.

FastNetMon today announced that it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed. The malicious traffic was primarily a UDP flood launched from compromised customer-premises equipment (CPE), including IoT devices and […]

The post 1.5 Billion Packets Per Second DDoS Attack Detected with FastNetMon appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in Google SecOps SOAR. This impacts an unknown function of the component ZIP Archive Handler. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2025-9918. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

一、背景概述近期，多起针对开源软件供应链的网络攻击事件相继曝光，最重要的两起事件是“s1ngularity”攻

The U.S. Department of Justice has filed charges against Ukrainian national Volodymyr Viktorovych Timoshchuk, identified by investigators as

The post DOJ Indicts Ukrainian National, Alleges Role in Three Major Ransomware Gangs appeared first on Penetration Testing Tools.

Plex has notified its users of a security incident that affected a portion of customer data. The company

The post Plex Urges Users to Reset Passwords After Security Incident appeared first on Penetration Testing Tools.

Researchers at Kroll have reported a new espionage campaign deploying the GONEPOSTAL malware. This tool was uncovered in

The post GONEPOSTAL: New Espionage Malware Hijacks Outlook for Covert Attacks appeared first on Penetration Testing Tools.

The subject of a new investigation is Alviva Holding, a provider whose infrastructure has long been a cornerstone

The post Unmasking a Cybercrime Enabler: The Provider Behind Clop Ransomware appeared first on Penetration Testing Tools.

London, United Kingdom, 11th September 2025, CyberNewsWire

Apple has officially unveiled Memory Integrity Enforcement (MIE) — a groundbreaking memory protection system the company describes as

The post Apple’s New Security System Aims to End Spyware Attacks appeared first on Penetration Testing Tools.