Aggregator

Speaking at the Munich Cyber Security Conference, Radmila Shekerinska said the security environment has become “more complex” and “more contested,” with rivals operating at the same time in the physical and digital worlds.

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense

This week’s threat landscape highlights the evolving sophistication of threat actors, who are increasingly targeting newly disclosed and unpatched vulnerabilities. […]

The post Weekly Threat Landscape Digest – Week 7 appeared first on HawkEye.

JoySafety: 大模型安全框架 by ourren

更多最新文章，请访问SecWiki

Defensie mag sterk groeien op bestaande locaties op de Utrechtse Heuvelrug tussen Amersfoort en Zeist. Die ruimte ontstaat voor een belangrijk deel door bestaande terreinen beter te benutten, intensiever te gebruiken en het vastgoed te clusteren en te vernieuwen. Tegelijk worden natuur en landschap beschermd en versterkt.  Vandaag ondertekende staatssecretaris van Defensie Gijs Tuinman een bestuurlijk akkoord en samenwerkingsovereenkomsten voor deelgebieden.

Yuh-Jye Lee, a senior adviser at Taiwan’s National Security Council, delivered a stark warning about China’s intentions to use cyberspace in new and more aggressive ways.

В Гааге выступили против передачи контроля над системой DigiD под юрисдикцию американского права.

A vulnerability labeled as problematic has been found in WP Last Modified Info Plugin up to 1.9.5 on WordPress. This affects the function bulk_save. Such manipulation of the argument post_ids leads to improper control of resource identifiers. This vulnerability is listed as CVE-2025-14608. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in Easy Form Builder Plugin up to 3.9.3 on WordPress. Affected by this issue is some unknown functionality. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-14067. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in StickEasy Protected Contact Form Plugin up to 1.0.1/1.0.2 on WordPress. Affected by this vulnerability is an unknown functionality of the file wp-content/uploads/stickeasy-protected-contact-form/spcf-log.txt. The manipulation results in information disclosure. This vulnerability is identified as CVE-2025-13973. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in BFG Tools Plugin up to 1.0.7 on WordPress. It has been rated as critical. Affected is the function zip of the file /wp-content/plugins/. The manipulation of the argument first_file leads to path traversal. This vulnerability is referenced as CVE-2025-13681. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Santesoft Sante DICOM Viewer Pro 14.2.0. It has been declared as critical. This impacts an unknown function of the component DCM File Parser. Executing a manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2026-2034. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MLflow. It has been classified as critical. This affects an unknown function of the component Artifact Handler. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-2033. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in HP App on Android and classified as problematic. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-1578. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.