Aggregator

Молодые специалисты нашли общий язык с Copilot там, где опытные сдались.

Sonar achieves SOC 2 Type II compliance, reflecting its dedication to protecting customer data and ensuring the integrity of its operations now and in the future.

The post Sonar Earns SOC 2 Type II Compliance appeared first on Security Boulevard.

Encryption Consulting announced significant updates to its CodeSign Secure platform, a comprehensive code-signing solution designed to address the challenges of software security in modern development environments. As organizations prioritize software integrity, authenticity, and compliance, the complexities of managing secure code-signing processes have grown. CodeSign Secure’s latest enhancements support development teams in signing a broader range of files, streamlining workflows, and ensuring compliance with industry standards while maintaining high levels of security. Expanding capabilities to meet … More →

The post Encryption Consulting enhances CodeSign Secure platform appeared first on Help Net Security.

zkLend, a prominent decentralized finance (DeFi) protocol built on Ethereum’s Layer-2 zk-rollup technology, has fallen victim to a major security breach resulting in the theft of approximately 3,300 ETH, valued at around $8.5 million at current market prices.  Unexpectedly, zkLend has publicly contacted the attacker, offering a 10% whitehat bounty—equivalent to 330 ETH ($850,000)—in exchange […]

The post zkLend Hacked – $8.5M Stolen, Company offers 10% whitehat Bounty to Attacker appeared first on Cyber Security News.

A critical vulnerability in YouTube’s infrastructure allowed attackers to expose the email addresses tied to anonymous channels by combining flaws in Google’s account management system and an outdated Pixel Recorder API. The exploit chain, discovered by security researchers Brutecat and Nathan, leveraged YouTube’s internal user-blocking feature and a misconfigured cloud service to bypass privacy protections, […]

The post New YouTube Bug Exploited to Leak Users’ Email Addresses appeared first on Cyber Security News.

调查显示 31% 开发者将修复漏洞列为首要任务，AI 正成为安全左移的加速器。

A new wave of cyberattacks has surfaced, with a Mirai-based botnet exploiting a number of significant vulnerabilities in routers and smart devices, primarily targeting industrial and home networks worldwide.  The Shadowserver Foundation recently shared on X the botnet’s active exploitation of several vulnerabilities, including CVE-2024-41473 (Tenda), CVE-2024-12987 (Draytek), CVE-2024-9916 (HuangDou UTCMS V9),  Four-Faith CVE-2024-9644 and […]

The post Mirai Botnet Exploting Router Vulnerabilities to Gain Complete Device Control appeared first on Cyber Security News.

Хакеры похищают данные через поддельные запросы о сотрудниках.

Hackers have allegedly breached OmniGPT, a ChatGPT-like AI chatbot platform, exposing sensitive data of over 30,000 users.  The leaked data reportedly includes email addresses, phone numbers, API keys, and over 34 million user-chatbot interactions.  A post on a hacking forum by a user named “Gloomer” claims responsibility for the breach, raising serious concerns about data […]

The post Hackers Allegedly Claiming Breach OmniGPT, 30,000+ User Accounts Exposed appeared first on Cyber Security News.

Как женщина обманула сотни компаний Кремниевой долины.

«Стоит идее завладеть мозгом, избавиться от неё практически невозможно».

A vulnerability has been found in themefusecom Brizy Plugin up to 2.6.8 on WordPress and classified as problematic. This vulnerability affects unknown code of the component REST API SVG File Upload Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-10322. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in kevonadonis WP Abstracts Plugin up to 2.7.3 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-12386. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in uscnanbu Welcart e-Commerce Plugin up to 2.11.9 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument name leads to cross site scripting. This vulnerability is handled as CVE-2025-0511. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in enituretechnology Small Package Quotes Plugin up to 3.6.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection. This vulnerability is known as CVE-2024-13532. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in enituretechnology LTL Freight Quotes Plugin up to 3.4.1 on WordPress. Affected is an unknown function. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection. This vulnerability is traded as CVE-2024-13480. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in enituretechnology LTL Freight Quotes Plugin up to 2.5.8 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument edit_id leads to sql injection. The identification of this vulnerability is CVE-2024-13477. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in themefusecom Brizy Plugin up to 2.6.4 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-10960. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.