Aggregator

A vulnerability was found in codepeople Appointment Booking Calendar Plugin up to 1.4.01 on WordPress and classified as problematic. The affected element is the function cpabc_appointments_calendar_load2 of the component Query Parameter Handler. The manipulation of the argument ID results in information disclosure. This vulnerability is known as CVE-2026-12111. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in stiofansisland UsersWP Plugin up to 1.2.63 on WordPress and classified as problematic. Impacted is an unknown function of the component User Registration Handler. The manipulation of the argument user_id leads to authorization bypass. This vulnerability is traded as CVE-2026-12102. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Cotonti 1.0.0. This issue affects the function cot_check_xg of the file modules/pfs/inc/pfs.main. Executing a manipulation can lead to cross-site request forgery. This vulnerability appears as CVE-2026-55744. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.

A vulnerability, which was classified as problematic, has been found in Cotonti 1.0.0. This vulnerability affects the function cot_check_xg of the file /admin/admin. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2026-55742. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

42Crunch has announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuously audit, test, remediate and validate API security vulnerabilities directly within AI-assisted development workflows. Organizations are struggling to secure their growing API landscape in the face of increasing attacks, with AI’s heavy reliance on APIs compounding this problem. Consequently, one of the key areas of attention for security and engineering teams is the security … More →

The post New 42Crunch plugin helps developers find and fix API vulnerabilities in GitHub Copilot appeared first on Help Net Security.

山西大学研究人员在 PLOS One 上发表了一篇论文，指出青少年的心理健康、体重指数以及屏幕时间与睡眠质量有显著联系，且女孩和生活在农村地区的青少年睡眠质量往往较差。研究人员调查了中国六个城市的 5,713 名 13-18 岁青少年，这六个城市分别是：上海、苏州、太原、婺源、兴义和乌鲁木齐。他们使用匹兹堡睡眠质量指数（PSQI）收集了睡眠质量数据，同时还收集了 BMI、体质健康、静坐时间、屏幕使用时间及心理健康等数据。此外还获得了每位参与者的居住地（城市或农村）和性别信息。总体上有 33.71% 的受访者睡眠质量不佳。他们发现不同居住地点和性别之间存在显著差异。农村青少年睡眠质量不佳的比率高于城市青少年（分别为 35.78% 和 31.90%），在入睡时间、睡眠时长和睡眠干扰几个方面的表现均较差。女孩在几乎所有睡眠衡量指标方面上的表现均不及男孩，女孩睡眠质量较差者的比率为 38.40%，而男孩为 29.20%。较高的体重指数对女孩的睡眠有更显著的不利影响。

Blue Planet is closing the governance gap in network operations by unveiling Blue Planet Configuration and Change Management (CCM), unifying device configuration, change, and lifecycle management across multi-vendor networks. Backed by Blue Planet’s deep Operations Support System (OSS) expertise, CCM replaces fragmented tools and manual processes with AI-driven workflows to reduce risk, prevent outages, and strengthen the foundation for autonomous networking. As networks grow more complex, configuration errors and unmanaged changes remain a leading cause … More →

The post Blue Planet helps service providers reduce risk with unified network change governance appeared first on Help Net Security.

Пока в Гонконге тонут улицы, KazChess и Dragon Chilling топчут конкурентов на досках.

FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet. Security researcher Bob Diachenko found a server sitting open on the internet containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for tens of thousands of organizations. He posted […]

根据国家信息安全漏洞库（CNNVD）统计，近期（2026年5月29日至2026年6月15日）共采集重要人工智能漏洞201个

"Shield-6G" will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow.

Нейросети научились находить неуловимые баги, и ИТ-гиганты создают секретный альянс.

法国物理学家和科普名人 Étienne Klein 因论文抄袭被剥夺博士学位。他是 Alternative Energies and Atomic Energy Commission (CEA)的物理学家，出版了 30 多本书，主持一档每周播出的科普节目。自 2016 年以来他就面临着科普文章抄袭的指控。2024 年 8 月他的博士论文也受到质疑。他是在 1999 年获得博士学位，他的大学目前被合并为巴黎城市大學。分析显示，这篇博士论文五分之一的版面涉嫌抄袭，抄袭的内容包括作家加缪（Albert Camus）、物理学家德布罗意（Louis de Broglie），甚至还有论文委员会成员的论文。巴黎城市大學随后展开了调查，发现论文近三分之二的内容存在抄袭，因此撤销了他的博士学位。Klein 回应了指控，辩解称他阅读了大量书籍，可能不知觉的将其吸收的内容写入到论文中。

智库 Rhodium Group 的统计显示，截至 2025 年 12 月，中国生产的汽车占欧盟新车销售的 9.3%，比 2023 年 1 月上升 7.1 个百分点。预计 2026 年将超过 10%。从中国以外的第三国出口到欧洲等的中国品牌车的比例也在 2025 年 12 月达到 6.2%，增加 5.5 个百分点。欧盟从 2024 年秋季开始对中国产纯电动汽车加征关税。不过，中国企业增加了不属于加征对象的插电式混合动力车（PHV）的出口，势头并未减弱。 中国整车企业也陆续开设欧洲基地，进行采购和生产。

Неизменяемость — это святое. Особенно когда хакер уже внутри.

苹果成为 AI 热导致内存短缺而涨价的最新一家公司。即将卸任的苹果 CEO 库克（Tim Cook）表示，内存供应状况“难以为继”，涨价“不可避免”。他没有透露何时涨价，也没有说明哪些产品会涨价，以及即将于 9 月发布的下一代 iPhone 18 是否会受到影响 。库克说，“在消费者急需设备时内存供应在减少，而内存厂商却选择大幅涨价。我们迫切需要内存价格和供应恢复到消费产品的合理水平。这是最为重要的。”内存价格自 2025 年 10 月以来翻了一番多。

Currently trending CVE - Hype Score: 7

A vulnerability classified as problematic was found in bplugins Services Section Block Plugin up to 1.4.4 on WordPress. This affects an unknown part. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-11402. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in optimole Optimole Plugin up to 4.2.6 on WordPress. Affected by this issue is the function replace_file of the component Link Handler. This manipulation of the argument ID causes cross-site request forgery. This vulnerability is registered as CVE-2026-11784. Remote exploitation of the attack is possible. No exploit is available.