Aggregator

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, tracked as CVE-2025-24200, being actively exploited in targeted attacks.  The flaw, an authorization bypass in Apple’s USB Restricted Mode, enables attackers with physical access to disable security protections on locked devices, potentially […]

The post CISA Warns of Apple iOS Vulnerability Exploited in Wild appeared first on Cyber Security News.

A vulnerability has been found in ERA404 ImageMeta Plugin up to 1.1.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23845. The attack can be initiated remotely. There is no exploit available.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning of active exploitation of a critical security flaw in Apple’s iOS and iPad operating systems. Tracked as CVE-2025-24200, the vulnerability permits attackers with physical access to bypass critical security protections on locked devices, escalating risks of unauthorized data access and potential device compromise. […]

The post CISA Warns of Active Exploitation of Apple iOS & iPadOS Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat actors are leveraging a modified version of the SharpHide tool to create hidden registry entries, significantly complicating detection and removal efforts. This technique exploits vulnerabilities in Windows registry handling, using null-terminated strings to obscure malicious entries. The modified SharpHide has been integrated into sophisticated attack chains, enabling malware persistence while evading standard detection mechanisms. […]

The post Threat Actors Exploiting Modified SharpHide Tool to Conceal Registry Entries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, was found in bPlugins Timeline Block Plugin up to 1.1.1 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-26754. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Webilia Vertex Addons for Elementor Plugin up to 1.2.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-26769. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in sonalsinha21 SKT Blocks Plugin up to 1.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-26771. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Detheme Kit for Elementor Plugin up to 2.1.8 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-26772. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Adnan Analytify Plugin up to 5.5.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-26773. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in RealMag777 Bear Plugin up to 1.1.4.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-26775. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Gallery Plugin up to 2.2.1 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-26778. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Joe Waymark Plugin up to 1.5.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-26770. The attack may be launched remotely. There is no exploit available.

Multiple vulnerabilities in enterprise-grade Xerox Versalink C7025 multifunction printers (MFPs) enable attackers to intercept authentication credentials from Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) services.  Designated as CVE-2024-12510 and CVE-2024-12511, these flaws allow malicious actors to execute “pass-back attacks” – a technique that redirects device authentication attempts to attacker-controlled systems.  The vulnerabilities, […]

The post Xerox Printers Vulnerability Let Attackers Capture Authentication Data From LDAP & SMB appeared first on Cyber Security News.

A vulnerability classified as critical was found in Microsoft Edge. Affected by this vulnerability is an unknown functionality of the component Scripting Engine. The manipulation leads to memory corruption. This vulnerability is known as CVE-2016-7190. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

新闻速览 •《个人信息保护合规审计管理办法》发布，5月起施行 •特朗普施压，美国CISA被迫停止选举安全支持工 […]

一项新研究认为，人类或许并非超凡的存在，而是地球自然演化的结果。这个研究尝试推翻有数十年历史的「Hard-Steps理论」，该理论认为智慧生命的出现是一个极低机率的事件，研究的新解释提高了宇宙中存在其他智慧生命的可能性。Hard-Steps理 论由理论物理学家在 1983 年提出，认为人类演化所需时间相较于太阳寿命过于漫长，显示智慧生命出现的机率极低，因此宇宙中类似人类的存在极为稀少。生物演化步骤中若有某些关键步骤所需时间过长（即所谓的 Hard Step），则智慧生命的出现机率会极低，基于此，Hard-Step理论预测宇宙中几乎没有其他智慧文明存在。新研究挑战了 Hard-Steps理论的演化单一性与低机率性假设。传统观点认为，生命起源、氧合光合作用、真核细胞、多细胞性及智人的出现都是「演化单一性」，即只在地球历史中出现过一次，因此被视为低机率事件。然而，研究深入探讨了这种单一性可能由于地质时间尺度上的讯息遗失或演化竞争优势所致。例如，若其他独立演化的生命形式在早期地球环境中灭绝，则现代生物多样性中仅存的分支会给人单一性的错觉。此外，首次出现的物种可能在生态位上占据优势，抑制后续重复出现的机会，这种「演化优势」使单一性显现出极低机率。

A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This attack chain allows remote execution of malicious code, enabling full server compromise, data theft, and persistent control over infected sites. The /wp-content/mu-plugins/ directory – designed for “must-use” plugins that […]

The post Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely appeared first on Cyber Security News.

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.10/6.12.1. This affects the function anon_fd of the component cachefiles. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-56549. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Java SE 8u431. It has been rated as problematic. This issue affects some unknown processing of the component Install. The manipulation leads to files or directories accessible. The identification of this vulnerability is CVE-2025-0509. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

2025年1月，中央网信办举报中心指导全国各级网信举报工作部门、主要网站平台受理网民举报色情、赌博、侵权、谣言等违法和不良信息1691.6万件，环比下降6.2%、同比下降8.8%。