Aggregator

A vulnerability classified as problematic was found in xpeedstudio ElementsKit Elementor Addons Plugin up to 3.4.0 on WordPress. This vulnerability affects unknown code of the component Image Accordion Widget. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-1005. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in designinvento DirectoryPress Frontend Plugin up to 2.7.9 on WordPress. This issue affects the function dpfl_listingStatusChange. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-10581. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in bitpressadmin Chat Widget Plugin up to 1.5.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument fileID leads to relative path traversal. This vulnerability is handled as CVE-2025-0822. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in cyberchimps Responsive Plus Plugin up to 3.1.4 on WordPress. Affected by this vulnerability is the function remote_request of the component Setting Handler. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-13834. The attack can be launched remotely. There is no exploit available.

A vulnerability was suspected in Linux Kernel up to 6.6.35/6.9.6. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

Australia bans Kaspersky software over national security concerns, citing risks of foreign interference, espionage, and sabotage of government networks. Australian Government banned products and services provided by Russian cybersecurity firm Kaspersky over national security concerns. The Secretary of the Department of Home Affairs has issued a mandatory directive under the Protective Security Policy Framework (PSPF) […]

Telstra found that 75% of cyber incidents impacting manufacturing firms originated from the targeting of IT systems connected to OT environments

A security researcher has uncovered critical vulnerabilities in Eight Sleep’s internet-connected smart beds, revealing exposed Amazon Web Services (AWS) credentials, remote SSH backdoors, and potential access to users’ entire home networks. The findings underscore growing concerns about IoT device security as consumers increasingly adopt connected appliances for everyday use. Researcher Discovers AWS Keys and Remote […]

The post Smart Bed Security Flaw Lets Hackers Access Other Network Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitHub 通过 CodeQL 实现大规模安全防护，结合自定义查询包、自动化变种分析与提示性告警，构建高效漏洞检测体系，为开发者提供企业级代码安全实践范本。

GitHub 通过 CodeQL 实现大规模安全防护，结合自定义查询包、自动化变种分析与提示性告警，构建高效漏洞检测体系，为开发者提供企业级代码安全实践范本。

A leak suggests that Chinese cybersecurity firm TopSec offers censorship-as-a-service services, it provided bespoke monitoring services to a state-owned enterprise facing a corruption scandal. SentinelLABS researchers analyzed a data leak that suggests that the Chinese cybersecurity firm TopSec offers censorship-as-a-service services. The origin of the data leak is unclear, the leak is large and inconsistently […]

A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated threat actors, citing evidence of infrastructure linked to CDS Global Cloud and UCLOUD HK, which have operational ties to China. The attack utilizes command-and-control (C2) servers hosted by SharkTech, a U.S.-based provider previously identified for hosting malicious activity. “These findings from our STRIKE Threat Intelligence team … More →

The post Massive botnet hits Microsoft 365 accounts appeared first on Help Net Security.

一项研究发现，许多国家用于高尔夫球场的土地总面积超过了风能或太阳能的土地面积。在公共辩论中可再生能源项目的土地需求经常受到批评，但形成鲜明对比的是：大片土地被分配给了只服务于少数富人的高尔夫球场。研究发现在美英等国，分配给高尔夫球场的土地远多于分配给可再生能源设施的土地。在高尔夫球场最多的十个国家中，高尔夫球场的土地面积可支持 842 GW的太阳能和 659 GW的风能容量——超过了现有的可再生能源装机容量。高尔夫球场通常需要大量的水和化学处理，对环境有巨大影响。相比下，太阳能发电场和风力涡轮机能提供可持续的土地利用，同时还能减少温室气体排放。太阳能发电场每 MW 需要约 0.01 平方公里土地，而风力发电场每 MW 需约 0.12 平方公里的土地。