Aggregator

A vulnerability was found in Coda Unit4 Financials 2024Q1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument cols leads to cross site scripting. This vulnerability was named CVE-2024-28734. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Themefic Tourfic Plugin up to 2.11.7 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-29137. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in DEV Institute Restrict User Access Plugin up to 2.5 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-29138. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Mark Tilly MyCurator Content Curation Plugin up to 3.76 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-29139. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Matt Manning MJM Clinic Plugin up to 1.1.22 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-29140. The attack can be initiated remotely. There is no exploit available.

Иногда чтобы потушить пожар, нужно выбросить все ведра.

A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. This vulnerability is known as CVE-2025-3550. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern. To reduce risk, security leaders should focus on policy, visibility, and culture. Set clear rules about what data can and cannot be entered into AI systems. Monitor usage to identify shadow AI before it becomes … More →

The post The quiet data breach hiding in AI workflows appeared first on Help Net Security.

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and […]

Российские компании столкнулись с изощрёнными методами цифрового вторжения.

科学家发现乌鸦能掌握几何规律性，这是首次在人类之外的动物中发现几何直觉。人类非常擅长从形状中观察到几何规律性。其它动物也具有某种与生俱来的几何感，但此前的研究并没有测试它们是否能区分几何规律。研究人员表示其它动物可能也具有几何直觉。在实验中，研究对象是两只腐肉乌鸦，它们参加了在计算机屏幕上找不同几何形状的游戏。它们必须从屏幕上的一组形状中识别不同的形状从而获得美味食物的奖励。举例来说，屏幕上展示五个月亮和一朵花，乌鸦必须正确啄花朵才能获得奖励。在乌鸦熟悉游戏之后，研究人员开始展示正方形、平行四边形或不规则四边形等各种形状。举例来说，研究人员展示了四个完美的正方形以及一个略微变形的四边形。这些四边形都十分相似，乌鸦能否识别其中的异常？结果显示乌鸦能够。测试表明乌鸦能感知直角、平行线和对称性。

Tirreno is an open-source fraud prevention platform designed as a universal analytics tool to monitor online platforms, web applications, SaaS products, digital communities, mobile apps, intranets, and e-commerce websites. “Our aim is to liberate online fraud protection technologies, making them widely available for organizations of any size. Tirreno is designed to be as easy to set up as typical website analytics tools. Unlike most cyberfraud prevention services, Tirreno is not solely focused on transactions or … More →

The post Tirreno: Open-source fraud prevention platform appeared first on Help Net Security.

A CVSS score 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L severity vulnerability discovered by 'Alfredo Oliveira and David Fiser of Trend Research' was reported to the affected vendor on: 2025-04-14, 64 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-04-14, 64 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-04-14, 65 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-14, 65 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-04-14, 65 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-14, 65 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-04-14, 65 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-04-14, 65 days ago. The vendor is given until 2025-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.