Aggregator

A vulnerability was found in Hubbub Lite Plugin up to 1.33.0 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality of the component Password Protected Post Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-1526. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in invoke-ai invokeai up to 5.4.2 and classified as very critical. This issue affects some unknown processing of the file /api/v2/models/install of the component API. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-12029. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ollama up to 0.3.14. It has been rated as critical. This issue affects some unknown processing of the component HTTP Response Handler. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2024-12886. The attack may be initiated remotely. Furthermore, there is an exploit available.

Scammers are in on the sextortion trend. Our expert analysis on this trend found that the likelihood of being targeted by sextortion scammers in the first few months of 2025 increased by a whopping 137% in the U.S., while the risk jumped to 49% in the U.K. and 34% in Australia.

The post Sextortion scams are on the rise — and they’re getting personal appeared first on Security Boulevard.

A massive cybercrime network known as "VexTrio" is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme.

A vulnerability was found in Foreground Skin up to 1.42.1 on MediaWiki. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Sidebar Menu Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-40605. The attack may be launched remotely. There is no exploit available.

The Amazon Nova AI Challenge puts student research to the test and aims to bring a new perspective to challenges arising from the increase in AI-assisted software development.

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process. [...]

Former Michigan Football Coach Indicted for Hacking Student-Athlete Data to Steal Private Photos and Videos

I can’t believe that KubeCon + CloudNativeCon Europe 2025 is just around the corner! Once again, I’m excited to meet up with my friends and colleagues again at this event dedicated to cloud native computing. This year the event is in London, England from April 1st to 4th at the Excel London. As a practitioner, tech enthusiast, end user, and open source contributor, I have a lot in common with many of the KubeCon attendees who’ll be joining me there. I’m also speaking in a session this year about Kubernetes Policy as Code (PaC). This post is a mini-guide for what to expect and the keynotes and talks I’m looking forward to attending myself.

The post Can’t Miss Keynotes & Tech Talks at KubeCon Europe 2025 appeared first on Security Boulevard.

The post Beyond CASB: Strengthening Cloud Security with Deep File Inspection & Data Protection appeared first on Votiro.

The post Beyond CASB: Strengthening Cloud Security with Deep File Inspection & Data Protection appeared first on Security Boulevard.

Veeam released security patches for a critical Backup & Replication vulnerability that could let attackers remotely execute code. Veeam addressed a critical security vulnerability, tracked as CVE-2025-23120 (CVSS score of 9.9), impacting its Backup & Replication software that could lead to remote code execution. The vulnerability impacts 12.3.0.310 and all earlier version 12 builds, it was […]

See how independent analyst firm Frost & Sullivan used the SafeBreach exposure validation platform to test the efficacy of the Cato SASE Cloud Platform.

The post Frost & Sullivan Report: Independent Security Efficacy Testing of Cato SASE Platform Using SafeBreach appeared first on SafeBreach.

The post Frost & Sullivan Report: Independent Security Efficacy Testing of Cato SASE Platform Using SafeBreach appeared first on Security Boulevard.

Worms break ground and fake browser updates march forward in this month's edition of Intelligence Insights

The CIS CTI team spotted a Lumma Stealer campaign where SLTT victims were redirected to malicious webpages delivering fake CAPTCHA verifications.