Aggregator

CVE-2025-46434 | Plus Addons for Elementor Page Builder Pro Plugin up to 6.3.6 on WordPress authorization

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability classified as critical has been found in Plus Addons for Elementor Page Builder Pro Plugin up to 6.3.6 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-46434. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53983 | JetElements for Elementor Plugin up to 2.7.7 on WordPress Configuration information disclosure

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in JetElements for Elementor Plugin up to 2.7.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-53983. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-53988 | JetBlocks for Elementor Plugin up to 1.3.18 on WordPress Configuration information disclosure

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in JetBlocks for Elementor Plugin up to 1.3.18 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Configuration Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-53988. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-52580 | Gift Pad region PAY App up to 1.5.27 on Android User Information log file

VulDB Recent Entries
4 months 4 weeks ago
A vulnerability was found in Gift Pad region PAY App up to 1.5.27 on Android and classified as problematic. This issue affects some unknown processing of the component User Information Handler. The manipulation leads to sensitive information in log files. The identification of this vulnerability is CVE-2025-52580. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Cyberattacks Surging Across Indo-Pacific, Researchers Warn

DataBreachToday.com
4 months 4 weeks ago
Report Urges Indo-Pacific Cyber Shield Strategy Amid Increased Nation-State Threats
A Center for a New American Security study found China and North Korea are accelerating cyberattacks, influence operations and infrastructure breaches across the Indo-Pacific, as researchers urge the U.S. to help develop a regional cyber shield, and deploy forward cyber teams.

File Transfer Flaw Blamed in Health Breach Affecting 233,000

DataBreachToday.com
4 months 4 weeks ago
Cierant Corp. Says Cleo MFT Zero-Day Exploit Compromised Health Plan Client Data
A Connecticut-based firm that provides print and electronic document management services to health plans has reported to regulators that an exploit of a vulnerability in file transfer software from third-party vendor Cleo has resulted in a health data compromise affecting nearly 233,000 people.

Darktrace Buys Network Traffic Visibility Firm Mira Security

DataBreachToday.com
4 months 4 weeks ago
Startup Mira Security Will Offer Insights on Encrypted Network Traffic, Decryption
Darktrace purchased a network traffic visibility startup to get insights from encrypted network traffic and decryption for customers in regulated industries. Mira Security will provide organizations with deeper, more comprehensive visibility across on-premises, cloud and hybrid environments.

The MFA Illusion: Rethinking Identity for Non-Human Agents

DataBreachToday.com
4 months 4 weeks ago
As Agentic AI Takes Over Workflows, Traditional Authentication Practices Fall Short
The explosion of agentic AI and autonomous bots to orchestrate cross-system tasks is turning MFA into a brittle defense. Non-human identities often bypass human-centric security controls, operating with static credentials and undefined ownership, creating exploitable identity risks.

Cyberattacks Surging Across Indo-Pacific, Researchers Warn

Ransomware DataBreachToday.com
4 months 4 weeks ago
Report Urges Indo-Pacific Cyber Shield Strategy Amid Increased Nation-State Threats
A Center for a New American Security study found China and North Korea are accelerating cyberattacks, influence operations and infrastructure breaches across the Indo-Pacific, as researchers urge the U.S. to help develop a regional cyber shield, and deploy forward cyber teams.

File Transfer Flaw Blamed in Health Breach Affecting 233,000

Ransomware DataBreachToday.com
4 months 4 weeks ago
Cierant Corp. Says Cleo MFT Zero-Day Exploit Compromised Health Plan Client Data
A Connecticut-based firm that provides print and electronic document management services to health plans has reported to regulators that an exploit of a vulnerability in file transfer software from third-party vendor Cleo has resulted in a health data compromise affecting nearly 233,000 people.

Darktrace Buys Network Traffic Visibility Firm Mira Security

Ransomware DataBreachToday.com
4 months 4 weeks ago
Startup Mira Security Will Offer Insights on Encrypted Network Traffic, Decryption
Darktrace purchased a network traffic visibility startup to get insights from encrypted network traffic and decryption for customers in regulated industries. Mira Security will provide organizations with deeper, more comprehensive visibility across on-premises, cloud and hybrid environments.

The MFA Illusion: Rethinking Identity for Non-Human Agents

Ransomware DataBreachToday.com
4 months 4 weeks ago
As Agentic AI Takes Over Workflows, Traditional Authentication Practices Fall Short
The explosion of agentic AI and autonomous bots to orchestrate cross-system tasks is turning MFA into a brittle defense. Non-human identities often bypass human-centric security controls, operating with static credentials and undefined ownership, creating exploitable identity risks.

英国考虑对苹果 iCloud 加密后门的要求做出让步

Solidot
4 months 4 weeks ago
今年早些时候英国政府秘密向苹果下达命令,要求创建一个 iCloud 后门,允许其安全官员不受阻碍的访问全世界用户的加密数据。英国内政大臣是以“technical capability notice(技术能力通知)”的形式发布这一命令的,要求苹果根据英国 2016 年的 UK Investigatory Powers Act(IPA)法案提供后门访问。苹果在 3 月向调查权力法庭(Investigatory Powers Tribunal)提起上诉,寻求推翻英国政府的命令。根据《金融时报》的最新报道,在美国的压力下,英国内政部考虑做出让步。

Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack

Cyber Security News
4 months 4 weeks ago

Christian Dior Couture, the luxury fashion house owned by Louis Vuitton, has begun notifying customers of a major cybersecurity incident that exposed sensitive personal information of clients.  The breach, discovered in May 2025, involved unauthorized access to customer databases containing personal data including names, addresses, dates of birth, and in some cases, Social Security numbers. […]

The post Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack appeared first on Cyber Security News.

Guru Baran

网信办发布 “关于开展个人信息保护负责人信息报送工作的公告”

嘶吼
4 months 4 weeks ago

根据《个人信息保护法》《个人信息保护合规审计管理办法》等法律法规规章规定,现就开展个人信息保护负责人信息报送工作有关事项公告如下:

一、信息报送要求

根据《个人信息保护法》第五十二条、《个人信息保护合规审计管理办法》第十二条规定,处理100万人以上个人信息的个人信息处理者,应当向所在地设区的市级网信部门履行个人信息保护负责人信息报送手续。

二、信息报送时间

(一)自本公告发布之日起,个人信息处理者处理个人信息达到100万人的,应当自数量达到之日起30个工作日内完成信息报送。

(二)本公告发布前,个人信息处理者处理个人信息数量已经达到100万人的,应当在2025年8月29日前完成信息报送。

(三)报送信息发生实质性变更的,应当在变更之日起30个工作日内办理信息变更手续。

三、信息报送方式

个人信息保护负责人信息报送工作采用线上方式。请直接访问“个人信息保护业务系统”(https://grxxbh.cacdtsc.cn),按照系统首页提供的《个人信息保护负责人信息报送系统填报说明(第一版)》,准备相关材料并履行信息报送手续,也可从中国网信网(https://www.cac.gov.cn)首页“全国网信政务办事大厅”栏目访问“个人信息保护业务系统”。

四、法律责任

未按照《个人信息保护法》《个人信息保护合规审计管理办法》等法律法规规章的规定履行信息报送手续的,依照有关法律法规规章的规定处理。

特此公告。

国家互联网信息办公室

2025年7月18日

来源:“网信中国”微信公众号

新型信息基础设施加速布局,互联网基础资源持续丰富,为互联网普及和数字经济发展提供了坚实支撑。CNNIC第56次报告数据显示,截至今年6月,我国网民规模已达11.23亿人,互联网普及率达79.7%,移动用户上网流量连续6个月实现两位数增长。与此同时,人工智能应用场景不断深化,构建起覆盖多领域的智能应用生态,APP已深度融入公众日常工作与生活的方方面面。

然而,伴随国家监管体系日趋严格与用户隐私保护意识的显著增强,企业正面临前所未有的复杂合规挑战:

·APP业务场景日益多元化、功能组件持续复杂化,如何精准界定并确保信息采集的合规性与合理性?

·面对层出不穷的监管手段和日益精细化的技术合规要求,如何清晰洞察并验证集成的第三方软件数据是否合规?

·加之检测标准与法律条文的多头化,如何将抽象条款中的具体检测事项有效落地执行?

以上构成了当前企业移动应用合规管理的核心困境。梆梆安全建议企业亟需完善移动应用全生命周期的合规检测能力。通过构建常态化、持续化的安全合规机制,赋能企业在动态变化的监管环境中精准识别风险、高效落实要求,将合规压力转化为内生动力,筑牢企业发展的安全基石。

移动应用合规检测框架

梆梆安全依托十余年深耕移动安全领域的技术沉淀与实践经验,系统性搭建了专业的移动应用合规检测框架,通过覆盖应用全生命周期的自动化检测与深度分析,精准识别隐私合规性问题并输出风险评估报告及整改建议,助力企业高效构建合规防线。

1.个人信息隐私合规评估及咨询

依托多年技术沉淀,以为“自动化检测+人工审查”形式,根据企业用户业务场景,提供从合规检测、风险评估到整改落地的一站式安全服务。

2. 个人信息保护合规审计

依据法律法规及监管要求提供合规审计服务,包括管理制度审计、安全措施有效性审计、个人信息处理活动合规审计、法律文件合规审计,涵盖数据处理、跨境传输、安全措施等17项检测大类,助力企业识别风险、建立或完善合规体系,有效规避或降低监管风险、高效处置消费者投诉。

3. 移动应用合规平台

借助深度定制化的检测沙箱、利用自动化脱壳、应用自动化遍历及人工深度辅助测试等技术,全面发现应用权限信息、集成第三方SDK信息,动态行为信息、通过场景化分析,发现应用潜在的隐私合规问题,帮助用户发现应用违规行为并输出合规评估报告及整改建议。

梆梆安全

Managed ad