Aggregator

AI 这股旋风，又上升到了一个新能级。

A vulnerability was found in XplodedThemes WPide Plugin up to 2.6 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2022-40217. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Apasionados Export Post Info Plugin up to 1.2.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to csv injection. This vulnerability is handled as CVE-2022-38061. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in WP Rating System Plugin up to 3.3.4 on WordPress and classified as critical. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to race condition. This vulnerability was named CVE-2022-40310. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in ExpressTech Quiz and Survey Master Plugin up to 7.3.4 on WordPress. This affects an unknown part of the component Quiz Handler. The manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2021-36865. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ExpressTech Quiz and Survey Master Plugin up to 7.3.6 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper control of resource identifiers. This vulnerability is traded as CVE-2021-36906. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in wpForo Forum Plugin up to 2.0.5 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to improper control of resource identifiers. The identification of this vulnerability is CVE-2022-40205. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in wpForo Forum Plugin up to 2.0.5 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper control of resource identifiers. This vulnerability is traded as CVE-2022-40206. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Betheme Theme up to 26.5.1.4 on WordPress. This affects an unknown part. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2022-45077. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in wpForo Forum Plugin up to 2.0.9 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2022-40200. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ProfileGrid Plugin up to 5.1.6 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to csv injection. This vulnerability was named CVE-2022-41791. The attack can be initiated remotely. There is no exploit available.

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Fortinet, Pangea, Privacera, and Veeam Software. Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response FortiAnalyzer offers a streamlined entry point to scale an organization’s security operations center (SOC), providing broad coverage for both on-premises and cloud environments from a single platform. With ready-to-deploy capabilities that deliver complete control with centralized visibility, advanced threat detection, and automated … More →

The post New infosec products of the week: February 21, 2025 appeared first on Help Net Security.

It's critical for healthcare providers that offer telehealth and remote patient monitoring services to incorporate these systems into their organizational risk programs, including how they plan to address issues such as patch management from afar, said attorney Betsy Hodge of the law firm Akerman.

Experts Say Consumers Gain Little as Implementation Challenges Loom for Framework
Australia's new scams framework bill sets the foundation for industry action but leaves consumers with limited protection. Experts warn that enforcement and reimbursement mechanisms are unclear, forcing victims to navigate a complex system with little guarantee of compensation.

Also: Lee Enterprises Recovering From Ransomware Attack, an Ivanti POC
This week, a FBI warning on Ghost ransomware, Lee Enterprises confirmed its ransomware attack, a proof of concept for Ivanti EPM flaws and a cybersecurity flaw in a Xerox machine. Also, a Chinese cyberespionage hacker apparently moonlighted as a ransomware attacker and NioCorp hit by a cyber heist.

Longtime Leader Dino DiMarino to Expand Non-Human Identity, Quantum-Ready Solutions
Dino DiMarino, the new CEO of AppViewX, is steering the company toward growth by expanding its presence in cybersecurity and cloud infrastructure. His strategic focus includes scaling operations, strengthening non-human identity security and safeguarding post-quantum cryptography advancements.

Credential Stuffing Breaches Affected Nearly 200,000 Warby Parker Customers
Federal regulators have levied a $1.5 million HIPAA civil monetary penalty against eyeglass maker and retailer Warby Parker over credential stuffing hacks that affected about 200,000 people. The HIPAA enforcement action is the first disclosed in the second Trump administration.

Что представляет из себя инструмент, позволивший Salt Typhoon годами оставаться в тени?

Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw allows authenticated administrators to execute arbitrary commands on firewalls via manipulated gNMI requests, escalating privileges to root access. The disclosure follows Palo Alto […]

The post Google Released PoC Exploit For Palo Alto Firewall Command Injection Vulnerability appeared first on Cyber Security News.