Aggregator

A vulnerability has been found in Daniel Walmsley VR Views Plugin up to 1.5.1 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22820. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in wpecommerce & wp.insider Sell Digital Downloads Plugin up to 2.2.7 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-22826. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in vfthemes StorePress Plugin up to 1.0.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-22821. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WP Joomag Plugin up to 2.5.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-22827. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Lucia Intelisano Live Flight Radar Plugin up to 1.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-22824. It is possible to initiate the attack remotely. There is no exploit available.

0x00 前言

番外篇第三题刚开始是有难度的，玩家会相互干扰，想要获取flag，还是需要靠一点运气的。后面修改了难度，分 IP 抽奖，互相不干扰了。难度就降低了不少。

A vulnerability has been found in AMI Megarac and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Redfish/API. The manipulation leads to password hash with insufficient computational effort. This vulnerability is known as CVE-2022-40258. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Adobe Acrobat Reader up to 20.005.30418/22.003.20281/22.003.20282. This affects an unknown part. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-21608. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

来自【2025春节】解题领红包活动排名第一的选手BMK分享自己解题过程。

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.

The post Storm-2372 conducts device code phishing campaign appeared first on Microsoft Security Blog.

RemcosRAT远控样本分析

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

在管理企业大规模服务弹性伸缩的场景下，Web应用的负载时序数据分析和预测至关重要。然而，由于应用的周期性特征和负载的复杂性，寻找一种能够适应所有应用的预测模型成为了一项挑战。美团与中国人民大学信息学院柴云鹏教授团队展开了“预测技术在弹性伸缩场景的应用”科研合作，取得了较好的成果。希望能给从事相关研究工作的同学带来一些帮助或启发。

悲观者永远正确，乐观者永远前行。

In the rapidly evolving landscape of cybersecurity, transformation isn’t just about adaptation—it’s about strengthening capabilities to better serve and protect organizations worldwide. That’s why we’re excited to announce a transformative milestone: Nuspire’s integration into PDI Security & Network Solutions, set to take effect in early 2025.  The Journey to Integration  Since joining the PDI Technologies family in 2024, Nuspire has ... Read More

The post A New Chapter in Cybersecurity Excellence: Nuspire Becomes PDI Security & Network Solutions appeared first on Nuspire.

The post A New Chapter in Cybersecurity Excellence: Nuspire Becomes PDI Security & Network Solutions appeared first on Security Boulevard.