Aggregator

A CVSS score 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-04-14, 14 days ago. The vendor is given until 2026-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-04-14, 14 days ago. The vendor is given until 2026-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A dangerous malware campaign has been silently targeting cryptocurrency users by hiding inside a fake version of Proxifier, a popular proxy software tool. Threat actors set up a GitHub repository designed to look like a legitimate Proxifier download, but the installer bundled inside it is actually a Trojan that monitors and hijacks clipboard activity to […]

The post Hackers Use Fake Proxifier Installer on GitHub to Spread ClipBanker Crypto-Stealing Malware appeared first on Cyber Security News.

A vulnerability was found in Christmas Greetings Plugin up to 1.2.5 on WordPress. It has been rated as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2116. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in OceanWP Plugin up to 3.5.4 on WordPress. This affects an unknown part. Such manipulation leads to file inclusion. This vulnerability is referenced as CVE-2024-2476. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability marked as problematic has been reported in 130+ Widgets Plugin up to 1.4.2 on WordPress. This vulnerability affects unknown code. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-2250. The attack can be initiated remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in Responsive Plugin up to 5.0.2 on WordPress. The affected element is an unknown function. The manipulation leads to basic cross site scripting. This vulnerability is referenced as CVE-2024-2848. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in HUSKY Plugin up to 1.3.5.2 on WordPress. The impacted element is an unknown function. The manipulation results in file inclusion. This vulnerability is identified as CVE-2024-3061. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in MasterStudy LMS Plugin up to 3.3.0 on WordPress. This affects an unknown function. This manipulation causes file inclusion. This vulnerability is tracked as CVE-2024-2411. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in marubon Pocket News Generator Plugin up to 0.2.0 on WordPress. It has been declared as problematic. This issue affects the function option_page of the component Setting Handler. Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-2964. The attack may be launched remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in marubon Pocket News Generator Plugin up to 0.2.0 on WordPress. The affected element is an unknown function of the component Setting Handler. Executing a manipulation of the argument Consumer Key/Access Token can lead to cross site scripting. This vulnerability is handled as CVE-2024-2963. The attack can be executed remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in tsina News Wall Plugin up to 1.1.0 on WordPress. This affects the function nwap_newslist_page of the component Setting Handler. The manipulation results in cross-site request forgery. This vulnerability was named CVE-2024-2970. The attack may be performed from remote. There is no available exploit.

A vulnerability categorized as problematic has been discovered in ElementsKit Elementor Addons Plugin up to 3.0.6 on WordPress. This vulnerability affects unknown code. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-1238. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in List Category Posts Plugin up to 0.89.6 on WordPress. Affected by this vulnerability is an unknown functionality. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1051. The attack may be launched remotely. There is no exploit available.

Пока ботнет «ломал» Twitter, эксперты наблюдали за процессом в прямом эфире. И вот, что они узнали…

2026阿里白帽大会 - Kaminsky重现：重新思考DNS辖区原则实现的安全性

好，我现在要帮用户总结这篇文章的内容。用户的要求是用中文，控制在100字以内，不需要特定的开头，直接写描述。首先，我需要仔细阅读文章内容，抓住关键信息。 文章主要讲的是OpenAI收购了Hiro Finance。Hiro是一个人工智能个人理财初创公司，创始人伊桑·布洛赫在周一宣布了这个消息。Hiro得到了一些顶级风投的支持，但收购的具体条款和融资金额没有披露。Hiro将在4月20日停止运营，并在5月13日删除所有数据，媒体称这是“人才收购”。公司成立于2023年，推出了AI工具帮助用户做财务规划。 接下来，我需要把这些信息浓缩到100字以内。重点包括：收购方OpenAI、被收购方Hiro Finance、时间点、风投支持、运营停止和数据删除的时间、以及Hiro的功能。 可能会忽略一些细节，比如具体的风投公司名字和融资金额，因为这些不是最关键的。主要目的是让读者快速了解发生了什么。 最后，确保语言简洁明了，直接描述内容，不使用“文章总结”之类的开头。 OpenAI收购人工智能理财初创公司Hiro Finance。Hiro由伊桑·布洛赫创立于2023年，提供AI驱动的财务规划工具，并于近期停止运营并删除数据。此次收购被视为“人才收购”。

In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the stubborn problem. Identity sprawl, legacy system exceptions, and workforce friction each contribute to stalls that few programs anticipated. Alkove then turns to a challenge most teams are not prepared for: AI agents operating at scale. A … More →

The post Zero trust at year two: What nobody planned for appeared first on Help Net Security.