Aggregator

Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that […]

New TrendAI report warns that most security tools can’t protect against attacks on AI skills artifacts

Мессенджер ответил на блокировки в России.

Many internet users believe VPNs make them completely anonymous online. While VPNs hide your IP address and encrypt traffic, a new fingerprinting technique reveals they cannot protect against all tracking methods. Country-specific AdBlock filter lists installed in browsers can expose your location, even when using a VPN. Most ad blockers, such as uBlock Origin, Brave, […]

The post Adblock Filters Exposes Reveal User Location Despite VPN Protection appeared first on Cyber Security News.

A vulnerability was found in Grafana and Grafana Enterprise up to 11.6.10/12.1.6/12.2.4/12.3.2 and classified as problematic. Affected is an unknown function of the component Public Dashboard. The manipulation results in information disclosure. This vulnerability is reported as CVE-2026-21722. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Grafana and Grafana Enterprise up to 12.2.4/12.3.2 and classified as problematic. This impacts an unknown function of the component Jaeger HTTP API. The manipulation leads to injection. This vulnerability is documented as CVE-2025-41117. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical was found in Migration, Backup, Staging Plugin up to 0.9.123 on WordPress. This affects the function openssl_private_decrypt. The manipulation results in path traversal. This vulnerability was named CVE-2026-1357. The attack may be performed from remote. There is no available exploit.

A vulnerability described as problematic has been identified in iONE360 Configurator Plugin up to 2.0.57 on WordPress. This impacts an unknown function of the component Contact Form Parameter Handler. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-15440. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in iONE360 Configurator Plugin up to 2.0.57 on WordPress. Affected is an unknown function of the component Contact Form Parameter Handler. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-15440. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in MMA Call Tracking Plugin up to 2.3.15 on WordPress. This affects the function mma_call_tracking_menu. Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2026-1215. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in WPlyr Media Block Plugin up to 1.3.0 on WordPress. This impacts an unknown function. The manipulation of the argument _wplyr_accent_color leads to cross site scripting. This vulnerability is documented as CVE-2026-0724. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in Category Image Plugin up to 2.0 on WordPress. Affected is an unknown function. The manipulation of the argument tag-image results in cross site scripting. This vulnerability is reported as CVE-2026-0815. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in Category Image Plugin up to 2.0 on WordPress. Affected by this vulnerability is an unknown functionality. This manipulation of the argument tag-image causes cross site scripting. This vulnerability appears as CVE-2026-0815. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in WP eCommerce Plugin up to 3.15.1 on WordPress. It has been rated as critical. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is listed as CVE-2026-1235. The attack may be initiated remotely. There is no available exploit.

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point

大数据时代，公民的个人信息面临被泄露、滥用的巨大风险，这无疑会影响公民的生活安宁，甚至威胁生命财产安全。在此背景下，强化公民个人信息保护刻不容缓。

报告持续跟踪评估数字全球化态势，分析主要国际治理机制和焦点议题进展，希望为各界把握全球数字治理动向，深度参与国际合作提供参考。

《关于提升境外人员入境数字化服务便利性的实施意见》着眼境外人员入境使用数字化服务的迫切需求，通过优化完善基础服务、支付服务、旅游服务、公共服务等举措，与全球分享我国数字化、网络化、智能化发展红利，以制度创新推动高水平对外开放。

近期，部分网络账号发布AI生成合成信息时，不添加AI标识，存在利用虚假不实内容欺骗误导公众的问题，破坏网络生态，造成恶劣影响。

近年来，我国以无人驾驶航空器为代表的新型低空航空器技术创新和产业升级深入推进，农林作业、巡查巡检、城市治理、应急救援、物流配送等场景有序拓展，低空飞行活动日益增多，亟需建立完善低空保险政策制度、产品服务和监督管理体系……