Aggregator

关键词安全漏洞网络安全研究人员日前在Synology Mail Server中发现一个被追踪为CVE-2025

关键词零日漏洞Mozilla 针对 Windows 系统上的 Firefox 浏览器发布了紧急安全更新，以解决

关键词恶意软件网络安全研究人员近期揭露一起新型网络攻击事件：不法分子正利用即将上映的迪士尼真人电影《白雪公主》

关键词数据泄露美国主要互联网服务提供商WideOpenWest（WOW！）近日遭遇重大网络安全事件。

The Shift from Compliance-Driven GRC to Dynamic Cyber Risk Management

The world of cybersecurity has undergone a dramatic transformation, moving beyond simple checklists and technical jargon. The focus has shifted from siloed governance, risk, and compliance (GRC) exercises to cyber risk management that aligns security with business priorities. This transition was a key topic in the recent webinar, The Next-Gen CISO’s Guide to Cyber ROI, where experts discussed how organizations must adopt a risk-first mindset rather than a compliance-driven approach.

The post Best Practices for Cyber Risk Management: Why CISOs Must Lead with Real-time Data appeared first on Security Boulevard.

Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857) is under active exploitation, but this should not be surprising: according to Statcounter, Chrome is used by 66.3% of internet users worldwide and Firefox only by 2.62%. About CVE-2025-2857 CVE-2025-2783 has been described as “a … More →

The post Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) appeared first on Help Net Security.

A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used open-source IT Service Management (ITSM) tool. The flaw, if exploited, enables remote, unauthenticated attackers to manipulate database queries, potentially leading to severe consequences such as data theft, tampering, or even remote code execution. CVE-2025-24799 is an SQL injection vulnerability that specifically […]

The post GLPI ITSM Tool Flaw Allows Attackers to Inject Malicious SQL Queries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in ZEEN101 Leaky Paywall Plugin up to 4.21.7 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-31083. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Compete Themes Unlimited Plugin up to 1.45 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-31073. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Usermaven Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-31079. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Bob Hostel Plugin up to 1.1.5.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-31102. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WPXPO PostX Plugin up to 4.1.25 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-31096. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in teastudio WP Posts Carousel Plugin up to 1.3.8 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-31094. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Ultimate Blocks Plugin up to 3.2.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-31077. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in redpixelstudios RPS Include Content Plugin up to 1.2.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-31093. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WP Compress for MainWP Plugin up to 6.30.03 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2025-31076. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in alordiel Dropdown Multisite selector Plugin up to 0.9.3 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-31090. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cozmoslabs Paid Member Subscriptions Plugin up to 2.14.3 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-31088. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in videowhisper MicroPayments Plugin up to 2.9.29 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2025-31075. The attack can be launched remotely. There is no exploit available.