Aggregator

Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. BlacksmithAI: Open-source AI-powered penetration testing framework BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents. mquire: Open-source Linux memory forensics tool Linux … More →

The post Hottest cybersecurity open-source tools of the month: March 2026 appeared first on Help Net Security.

A vulnerability described as critical has been identified in WebToffee Product Feed for WooCommerce Plugin up to 2.3.3 on WordPress. This affects an unknown function. Executing a manipulation can lead to deserialization. This vulnerability appears as CVE-2026-22480. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in flexcubed PitchPrint Plugin up to 11.1.2 on WordPress. Affected by this vulnerability is an unknown functionality. This manipulation causes path traversal. This vulnerability is handled as CVE-2026-22448. The attack can be initiated remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in GitLab Enterprise Edition up to 18.8.6/18.9.2/18.10.0. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-14595. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Convers Lab WPSubscription Plugin up to 1.8.10 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation results in authorization bypass. This vulnerability is reported as CVE-2025-69347. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical was found in Ruhul Amin My Album Gallery Plugin up to 1.0.4 on WordPress. This affects an unknown part. Such manipulation leads to missing authorization. This vulnerability is traded as CVE-2026-22485. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Metagauss EventPrime Plugin up to 4.2.6.0 on WordPress. This vulnerability affects unknown code. Performing a manipulation results in missing authorization. This vulnerability is known as CVE-2025-69358. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in pebas Lisfinity Core Plugin up to 1.5.0 on WordPress and classified as critical. Impacted is an unknown function. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-22484. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in GitLab Enterprise Edition up to 18.8.6/18.9.2/18.10.0. It has been declared as critical. This affects an unknown function. Such manipulation leads to missing authentication. This vulnerability is referenced as CVE-2026-1724. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 10.11.11/11.2.3/11.3.1/11.4.0/11.4.x. Affected by this vulnerability is an unknown functionality. Such manipulation leads to improper check for unusual conditions. This vulnerability is documented as CVE-2026-20719. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in G5Theme Zorka Plugin up to 1.5.7 on WordPress. It has been classified as problematic. Impacted is an unknown function. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-69096. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in wphocus My Auctions Allegro Plugin up to 3.6.35 on WordPress. It has been declared as problematic. The affected element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-22491. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in HYPR up to 10.6. This affects an unknown function. Executing a manipulation can lead to incorrect privilege assignment. The identification of this vulnerability is CVE-2026-1712. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

好，我需要帮用户总结这篇文章的内容，控制在100字以内。首先，文章主要讲的是Axios开源库被黑客攻击了。Axios是一个非常流行的HTTP客户端库，每月下载量超过3亿次。黑客通过NPM仓库发布了两个带毒的版本，分别是[email protected]和[email protected]。这些版本并没有直接添加恶意代码，而是注入了一个隐藏的依赖项[email protected]，这个依赖项会偷偷安装远程访问木马。 接下来，文章提到如果用户在3月31日左右安装或更新了这两个版本的Axios，就需要立即采取措施降级，并且轮换所有密钥，甚至重建环境。NPM官方已经删除了恶意依赖项，但目前Axios的主要开发者还没有回应，所以还不清楚账号是如何被泄露的，以及是否已经采取了补救措施。 最后，文章给出了六条安全建议：降级到安全版本、移除恶意依赖项、检查是否被感染、搜索可疑文件、添加防御措施以及轮换密钥和重建环境。 总结起来，文章主要讲述了Axios开源库被黑客攻击的情况、影响范围以及应对措施。 Axios开源库遭黑客攻击，发布带毒版本植入远程木马。开发者需立即降级并检查环境安全。

Статья объясняет, как сайты и провайдеры выявляют использование VPN по IP, DNS- и WebRTC-утечкам, геолокации и DPI, зачем это делают сервисы и банки.

Notepad++ has officially released version 8.9.3, delivering critical security patches, structural performance enhancements, and resolutions for persistent crash issues. This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s auto-update mechanism against documented vulnerabilities. Notepad++ v8.9.3 Release The most notable security implementation in version […]

The post Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability and Crash Issues appeared first on Cyber Security News.

Axios 遭遇供应链攻击：被投毒版本植入 RA

嗯，用户发来一个请求，让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要特定的开头。首先，我得理解用户的需求是什么。看起来他们可能是在处理某个环境异常的问题，需要快速了解文章内容。 接下来，我注意到用户提供的文章内容主要是关于环境异常的提示，说完成验证后可以继续访问，并有一个“去验证”的链接。所以，文章的核心信息应该是关于环境异常和验证的必要性。 然后，我要考虑如何在一百个字以内准确传达这个信息。可能需要提到环境异常、验证的重要性以及继续访问的条件。同时，避免使用“文章内容总结”这样的开头，直接进入主题。 最后，检查一下是否符合所有要求：字数控制、直接描述、不使用特定开头。确保总结清晰简洁，让用户一目了然。 当前环境出现异常问题，需完成验证后才能继续访问。

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要用“文章内容总结”之类的开头。直接写描述就行。那我得先看看文章的内容。 文章标题是“环境异常”，里面提到当前环境异常，完成验证后可以继续访问，还有个“去验证”的按钮。看起来像是一个提示信息，让用户进行验证才能继续使用服务。 那我得把这些信息浓缩一下。首先说明环境异常，然后指出需要完成验证才能继续访问。这样应该能涵盖主要内容了。 控制在100字以内的话，可能需要精简一些词汇。比如“当前环境异常”可以简化为“环境异常”。然后提到验证和继续访问。 最后检查一下是否符合要求：没有使用特定的开头，直接描述内容，字数控制在100字以内。 环境异常提示用户需完成验证后才能继续访问。