Aggregator

A vulnerability was found in devitemsllc ShopLentor Plugin up to 2.8.3 on WordPress and classified as problematic. The affected element is an unknown function. Such manipulation of the argument slitems leads to cross site scripting. This vulnerability is listed as CVE-2024-2868. The attack may be performed from remote. There is no available exploit.

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions (complete list

嗯，用户让我帮忙总结一下这篇文章的内容，控制在一百个字以内。首先，我需要快速浏览文章，抓住主要信息。文章讲的是发现了108个Chrome扩展程序，它们被用来窃取用户数据和进行浏览器层面的滥用。这些扩展程序通过同一个命令控制基础设施运作，窃取Google账户信息、注入广告和JavaScript代码。 接下来，我注意到这些扩展程序伪装成各种合法工具，比如Telegram客户端、游戏和翻译工具。它们通过OAuth2窃取Google账户身份，并且在后台运行恶意代码，捕获会话信息。此外，这些扩展还剥离了YouTube和TikTok的安全头，注入赌博覆盖层和广告。 文章还提到，所有108个扩展共享同一个后端服务器，并且在代码中发现了俄语评论。目前还不清楚是谁在背后操纵这些扩展程序。最后，建议用户立即删除这些扩展，并从Telegram移动应用中注销所有Web会话。 现在我要把这些信息浓缩到100字以内。需要包括发现的扩展数量、它们的功能、伪装成合法工具、窃取数据、注入广告和JavaScript代码、后端服务器以及建议删除扩展等关键点。 可能的结构是：描述发现的恶意Chrome扩展数量及其目的，伪装成合法工具，窃取数据并注入广告/脚本，所有共享同一后端，并建议删除。 这样应该能在100字以内准确传达文章的核心内容。 研究人员发现108款恶意Chrome扩展程序通过伪装成合法工具窃取用户数据并注入广告及脚本代码。这些扩展共享同一后端服务器，并利用OAuth2等技术窃取Google账户信息及Telegram会话数据。建议用户立即删除相关扩展以防止进一步风险。

A vulnerability, which was classified as problematic, was found in arraytics Eventin Plugin up to 4.1.8 on WordPress. Impacted is the function get_item_permissions_check. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-4109. The attack can be executed remotely. There is not any exploit available.

VK предлагает сделать «Дзен» национальной информационной платформой.

好的，我现在要帮用户总结这篇文章。首先，我需要仔细阅读文章内容，理解其主要信息。文章讲的是欧盟立法机构和各国政府达成协议，提高钢铁进口关税，以保护本地产业，特别是针对中国等国家的廉价竞争。 接下来，我需要确定用户的需求。用户要求用中文总结，控制在100字以内，并且不要以“文章内容总结”或“这篇文章”开头。这意味着我需要直接描述文章内容。 然后，我要提取关键信息：欧盟提高了钢铁关税至50%，削减了47%的免税额度，将免税配额减少到1830万吨，并且议案需要欧洲理事会和议会批准才能生效。此外，现行关税将在六月底结束。 现在，我要将这些信息浓缩成一句话或几句话，确保不超过100字。同时要保持语言简洁明了，不使用复杂的词汇。 最后，检查是否符合所有要求：字数控制、开头方式、信息准确无误。确保没有遗漏重要细节，并且表达清晰。 欧盟与各国政府达成协议,将钢铁进口关税提高至50%,并大幅削减免税额度,以保护本地钢铁产业,防止中国等国廉价竞争。

A vulnerability has been found in Mozilla Firefox up to 148 and classified as critical. Affected is an unknown function of the component JavaScript Engine. This manipulation causes type confusion. This vulnerability is tracked as CVE-2026-4702. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as problematic was found in Mozilla Firefox up to 148. This issue affects some unknown processing of the component HTTP. Such manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2026-4700. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 148. This impacts an unknown function of the component JavaScript Engine. The manipulation results in use after free. This vulnerability is identified as CVE-2026-4701. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 148. This vulnerability affects unknown code of the component JIT. This manipulation causes type confusion. The identification of this vulnerability is CVE-2026-4698. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 148. The impacted element is an unknown function of the component Fonts. Executing a manipulation can lead to memory corruption. The identification of this vulnerability is CVE-2026-4699. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Mozilla Firefox up to 148. This vulnerability affects unknown code of the component Fonts. The manipulation results in use after free. This vulnerability is known as CVE-2026-4696. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 148. This affects an unknown function of the component Web Codecs. The manipulation leads to memory corruption. This vulnerability is referenced as CVE-2026-4697. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Mozilla Firefox up to 148. This issue affects some unknown processing of the component Web Codecs. This manipulation causes memory corruption. This vulnerability is handled as CVE-2026-4695. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

2026年4月14日，深瞳漏洞实验室监测到一则Marimo组件存在绕过认证漏洞的信息，漏洞编号：CVE-2026-39987，漏洞威胁等级：高危。

Explore the debate between "Cyber Nirvana" and the "Vulnpocalypse" as AI tools like Anthropic’s Mythos threaten to collapse the traditional security model in a "supernova" event.

The post The Treatment Was Successful. Unfortunately the Patient Died appeared first on Security Boulevard.

Вебинар Positive Technologies 16 апреля 2026 в 14:00

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读文章，抓住主要信息。文章讲的是TCL电子考虑出售印度电视制造部门的部分股份，目的是促进业务增长。他们寻求筹集至少两亿美元，目前还在初步阶段，可能不会达成交易。TCL效仿海尔的成功模式，海尔去年将印度子公司的部分股权出售给印度和美国的集团。TCL进入印度市场已有八年，希望通过这次股权转让在竞争激烈的环境中站稳脚跟。 接下来，我需要把这些信息浓缩到100字以内。重点包括：TCL考虑出售股份、筹集资金、效仿海尔、本土化合作、增强竞争力。要确保语言简洁明了，直接描述内容，不需要开头语。 可能的结构是：TCL考虑出售印度电视部门部分股权以促进增长，寻求筹资至少2亿美元。此举效仿海尔的本土化合资模式，旨在增强竞争力。 检查字数是否在限制内，并确保信息准确无误。 TCL电子考虑出售印度电视制造部门部分股权以促进业务增长，并寻求筹资至少2亿美元。此举效仿海尔的本土化合资模式，旨在增强竞争力。