Posts of last 24 hours
尽管各种榜单和报道不断宣称大模型已具备极强的网络攻击能力,但我们的实证研究表明,当前AI仍远未强大到可以让
https://mp.weixin.qq.com/s?__biz=MzU4NzUxOTI0OQ==&mid=2247499183&idx=1&sn=383248d4e2b1d46f5b2b1494c7e52d9a
A vulnerability identified as critical has been detected in priyanshuchaudhary FlowForms Plugin up to 1.1.1 on WordPress. The affected element is the function update_form of the component Form Update Handler. This manipulation of the argument form_id causes improper control of resource identifiers.
The identification of this vulnerability is CVE-2026-12400. It is possible to initiate the attack remotely. There is no exploit available.
https://vuldb.com/vuln/377450
A former ransomware negotiator was sentenced to nearly six years for secretly helping BlackCat extort victims while betraying his clients. A U.S. court sentenced former ransomware negotiator Angelo Martino, 41, to 70 months in prison for conspiring with the BlackCat ransomware gang. While negotiating on behalf of five victims, he secretly shared confidential information about […]
https://securityaffairs.com/195081/cyber-crime/former-ransomware-negotiator-sentenced-to-70-months-in-prison-for-secretly-helping-blackcat-gang.html
A vulnerability categorized as problematic has been discovered in easyappointments Easy Appointments Plugin up to 3.12.27 on WordPress. Impacted is an unknown function of the component Authorization. The manipulation results in authorization bypass.
This vulnerability was named CVE-2026-11992. The attack may be performed from remote. There is no available exploit.
https://vuldb.com/vuln/377449
A vulnerability was found in GW AI Website Builder Plugin up to 1.0.1 on WordPress. It has been rated as problematic. This issue affects the function gwaiwebu_gravitywrite_disconnect_handler of the component AJAX Action Handler. The manipulation leads to improper authorization.
This vulnerability is uniquely identified as CVE-2026-1946. The attack is possible to be carried out remotely. No exploit exists.
https://vuldb.com/vuln/377448
A vulnerability was found in carazo Import and Export Users and Customers Plugin up to 2.4.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Email Template Handler. Executing a manipulation of the argument email_template_selected can lead to information disclosure.
This vulnerability is handled as CVE-2026-15026. The attack can be executed remotely. There is not any exploit available.
https://vuldb.com/vuln/377447
A vulnerability was found in wplegalpages GDPR Cookie Consent Plugin up to 4.3.6 on WordPress. It has been classified as problematic. This affects the function wp_ajax_gcc_save_schedule_scan of the component Cookie Scan Schedule Configuration. Performing a manipulation results in improper authorization.
This vulnerability is known as CVE-2026-12955. Remote exploitation of the attack is possible. No exploit is available.
https://vuldb.com/vuln/377446
Азиатские фабрики уже вовсю печатают двухнанометровые микросхемы.
https://www.securitylab.ru/news/574660.php
A vulnerability was found in Happyforms Plugin up to 1.26.12 on WordPress and classified as problematic. Affected by this issue is the function happyforms_get_form_partial of the component Form Builder. Such manipulation leads to file inclusion.
This vulnerability is traded as CVE-2025-11977. The attack may be launched remotely. There is no exploit available.
https://vuldb.com/vuln/377445
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out and take everything it controls.
The firm has confirmed one coordinated sweep on May 27
https://thehackernews.com/2026/07/attackers-exploit-ill-bloom.html