Aggregator

CVE-2025-3074 | Google Chrome up to 134.0.6998.177 Downloads clickjacking (Nessus ID 233812)

Vuldb Updates
4 months 1 week ago
A vulnerability was found in Google Chrome. It has been classified as problematic. This affects an unknown part of the component Downloads. The manipulation leads to clickjacking. This vulnerability is uniquely identified as CVE-2025-3074. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-0762 | Google Chrome up to 132.0.6834.110 DevTools use after free (Nessus ID 214728)

Vuldb Updates
4 months 1 week ago
A vulnerability was found in Google Chrome and classified as critical. This issue affects some unknown processing of the component DevTools. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-0762. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
4 months 1 week ago

A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, has sent shockwaves through the cybersecurity community after researchers revealed it could enable attackers to execute arbitrary code and escalate privileges to SYSTEM level on targeted machines. The flaw, disclosed by researchers at Cyberdom Blog, poses a significant risk to millions of Windows […]

The post Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs
4 months 1 week ago
Japan ’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan ’s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. “There has been a sharp increase in the number of cases of unauthorized […]
Pierluigi Paganini

【动态】重庆信通设计院 助力 第八届关键信息基础设施自主安全创新论坛暨《2024网信自主创新调研报告》发布

嘶吼
4 months 1 week ago

2025年4月19日,第八届关键信息基础设施自主安全创新论坛暨《2024网信自主创新调研报告》发布活动在北京隆重举行,重庆信通设计院作为重要贡献单位荣幸出席发布仪式。

在发布仪式上,重庆信通设计院被授予“《2024网信自主创新调研报告》突出贡献单位”荣誉称号。

据悉,本年度调研在思路、流程和呈现形式上都进行了大胆创新,收获了积极成果。编委会在调研和编写过程中共收集220个案例,原始素材105万字,涉及10个重点行业(领域)、28个应用场景、155 个真实案例。这些来自行业和产业一线的数据真实地反映了网信自主创新工作的成果和现实问题。


在4月21日线上成果展示环节,重庆信通设计院软件成本度量专家展示了公司在“信息技术应用创新应用软件适配改造成本度量方法研究”方面的能力以及取得的一些成果。


要想掌握发展主动权,只有自主创新。重庆信通设计院将与业界一道,在充满机遇与挑战的2025年,肩负起网信自主创新的重任,在这条长征路上砥砺前行。

来源:重庆信通设计院天空实验室

网络伍豪

WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
4 months 1 week ago

Cybersecurity researchers have uncovered a sprawling ad-fraud operation exploiting WordPress plugins to trigger over 1.4 billion fraudulent ad requests every day. Dubbed “Scallywag,” this scheme leverages customizable extensions to monetize digital piracy through a complex web of cashout domains, URL shorteners, and crafty redirections. Monetizing pirated content has always presented challenges for cybercriminals, as mainstream […]

The post WordPress Ad-Fraud Plugins Trigger Massive 1.4 Billion Daily Ad Requests appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Python 3.14 将支持模板字符串

Solidot
4 months 1 week ago
Python Steering Council 接受了 PEP 750 (Template Strings) ,预计 10 月释出的 Python 3.14 将加入对模板字符串的支持。模板字符串((t-strings)是一种新型的字符串,能生成结构化数据而不是原始字符串,允许 Python 库作者构建自己的自定义模板处理逻辑。Python 自 2015 年起就有 f-strings,t-strings 为开发者提供了更多灵活性。

CVE-2025-3457 | OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress Shortcode oceanwp_icon cross site scripting

VulDB Recent Entries
4 months 1 week ago
A vulnerability was found in OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress. It has been declared as problematic. This vulnerability affects the function oceanwp_icon of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-3457. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-3472 | OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress Shortcode do_shortcode code injection

VulDB Recent Entries
4 months 1 week ago
A vulnerability was found in OceanWP Ocean Extra Plugin up to 2.4.6 on WordPress and classified as critical. Affected by this issue is the function do_shortcode of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-3472. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-26413 | Apache Kvrocks up to 2.11.1 SETRANGE Command offset denial of service

VulDB Recent Entries
4 months 1 week ago
A vulnerability has been found in Apache Kvrocks up to 2.11.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SETRANGE Command Handler. The manipulation of the argument offset leads to denial of service. This vulnerability is known as CVE-2025-26413. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad