Aggregator

至少部分文件与谷歌有关

OpenAI推Daybreak防御AI，攻击者滥用Vercel造钓鱼站；RubyGems等开源生态遭大规模入侵。

A vulnerability was found in caterhamcomputing CC Child Pages Plugin up to 2.1.1 on WordPress and classified as problematic. This vulnerability affects unknown code. Executing a manipulation of the argument more can lead to cross site scripting. This vulnerability is registered as CVE-2026-6174. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in websoudan MW WP Form Plugin up to 5.1.2 on WordPress and classified as problematic. This affects the function _get_post_property_from_querystring. Performing a manipulation results in authorization bypass. This vulnerability is cataloged as CVE-2026-6206. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability, which was classified as critical, was found in Infused Addons InfusedWoo Pro Plugin up to 5.1.2 on WordPress. Affected by this issue is the function popup_submit. Such manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2026-6514. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in wpeverest User Registration & Membership Plugin up to 5.1.5 on WordPress. Affected by this vulnerability is the function is_admin_creation_process. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2026-6145. The attack is possible to be carried out remotely. No exploit exists.

Единственный способ защититься от Fragnasia пока что только ломает инфраструктуру.

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse

三星正计划在7月举办一场Galaxy Unpacked活动，并且该公司计划推出新的可折叠智能手机和AI“Galaxy眼镜”。三星的活动将于7月22日举行，因此其将在苹果公司首款可折叠iPhone推出前

Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure

以此框架认识DS V4

A vulnerability was found in Google Chrome on Windows. It has been rated as critical. Affected is an unknown function of the component WebRTC. The manipulation leads to use after free. This vulnerability is listed as CVE-2026-7928. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Школьник превратил мессенджеры в торговую площадку

Schools love a good photo, whether it’s from a trip to a castle, a science prize ceremony, or

The Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacks

A vulnerability classified as problematic was found in mr2p Meta Field Block Plugin up to 1.5.2 on WordPress. Affected is an unknown function of the component Block Attribute Handler. The manipulation of the argument tagName results in cross site scripting. This vulnerability is identified as CVE-2026-6252. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in LatePoint Plugin up to 5.3.2 on WordPress. This impacts the function request_cancellation. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2026-5365. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in managewp ManageWP Worker Plugin up to 4.9.31 on WordPress. This affects an unknown function of the component HTTP Request Header Handler. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-3718. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in wpdevteam Essential Addons for Elementor Plugin up to 6.5.13 on WordPress. The impacted element is the function register_user. Performing a manipulation results in improper privilege management. This vulnerability was named CVE-2026-5193. The attack may be initiated remotely. There is no available exploit.