Aggregator

A vulnerability was found in wpdevteam BetterDocs Plugin up to 4.3.8 on WordPress. It has been declared as problematic. The affected element is the function betterdocs_feedback_form of the component Shortcode Handler. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-3875. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical was found in Samba rsync up to 3.4.1. Affected by this vulnerability is the function receive_xattr of the component Qsort Call Handler. Such manipulation of the argument length leads to improper handling of length parameter inconsistency. This vulnerability is documented as CVE-2026-41035. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in WSO2 API Manager, Identity Server, Open Banking AM, Open Banking IAM and Identity Server as Key Manager. Affected by this vulnerability is an unknown functionality of the component XML Parser. This manipulation causes xml external entity reference. This vulnerability is tracked as CVE-2024-2374. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in faridsaniee OPEN-BRAIN Plugin up to 0.5.0 on WordPress. It has been rated as problematic. The impacted element is the function sanitize_text_field of the component Setting Handler. Performing a manipulation of the argument API key results in cross site scripting. This vulnerability was named CVE-2026-3995. The attack may be initiated remotely. There is no available exploit.

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage

The OpenSSL Project has inaugurated a seminal update that profoundly reshapes both its internal architecture and its repertoire

The post Beyond the Legacy: OpenSSL 4.0.0 Arrives with Encrypted Client Hello and Post-Quantum Prep appeared first on Penetration Testing Tools.

Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more than 30 days, long enough for researchers to watch the actor work through their tools, scripts, and decisions beyond the initial break-in. The attacker had previously been documented targeting transportation carriers through compromised load board platforms, which are online marketplaces connecting shippers … More →

The post Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug appeared first on Help Net Security.

A Japanese maritime transport conglomerate has encountered a significant data breach following the compromise of its internal fuel

The post Sunk by a Script: How a Fuel System Breach Exposed the Global NYK Line Network appeared first on Penetration Testing Tools.

The commercial spyware Predator has proven far more ingenious than previously surmised. Rather than merely infiltrating the iPhone’s

The post The Kernel Ghost: How Predator Spyware Hijacks iPhone NEON Registers to Vanish into iOS appeared first on Penetration Testing Tools.

360终端安全智能体构建AI时代全生命周期勒索防护能力

速修复

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读用户提供的文章内容，了解主要信息。 文章是关于Amy和Wendy Bishop的访谈，Wendy是Talos的创意总监。她从网页设计和新闻背景进入设计领域，现在负责Talos的创意工作。访谈中还提到了2025年年报的设计过程，展示了艺术与技术结合的重要性。 接下来，我需要提取关键点：访谈对象、Wendy的职业背景、她的工作内容、以及年报的设计过程。然后把这些信息浓缩成一段简洁的文字，不超过100字。 要注意不要使用“文章内容总结”这样的开头，直接描述即可。同时要确保信息准确且涵盖主要方面。 Amy与Wendy Bishop探讨了设计在网络安全中的作用。Wendy从网页设计和新闻背景进入创意领域，并在Talos领导视觉叙事工作。她分享了如何将复杂数据转化为吸引人的设计，并讲述了2025年年报的设计过程。

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户给了一篇关于Cisco Talos发现的PowMix恶意软件的详细文章。首先，我要理解文章的主要内容。 文章提到PowMix是一个新的botnet，自2025年12月以来一直在攻击捷克共和国的组织。它使用随机的C2信标间隔和伪装成REST API的URL来逃避检测。攻击者模仿EDEKA品牌和捷克数据保护法，发送包含薪资数据和合法引用的钓鱼文件，吸引人力资源、法律和招聘机构的人。 此外，PowMix使用PowerShell加载器绕过安全措施，如AMSI，并在内存中执行payload。它还利用Heroku平台作为C2基础设施，并与之前的ZipLine活动有战术相似之处。 总结时需要涵盖这些关键点：PowMix botnet、攻击目标、使用的策略（如随机信标、伪装URL）、以及与ZipLine活动的相似性。同时要保持简洁，控制在100字以内。 现在我来组织语言：Cisco Talos发现了PowMix恶意软件，用于网络间谍活动，通过钓鱼邮件传播。它模仿合法品牌和法规，使用随机C2信标和伪装API URL逃避检测，并与ZipLine活动相似。 这样应该能准确传达文章的核心内容。 Cisco Talos发现了一个名为“PowMix”的新botnet恶意软件，用于网络间谍活动。该恶意软件通过钓鱼邮件传播，伪装成合法品牌和法规文件吸引目标组织。它采用随机C2信标间隔和伪装成REST API URL的技术逃避检测，并与之前的ZipLine活动有战术相似之处。

导语在IoT设备无处不在的今天，固件安全绝非小众问题。

The compromise of a residential router may initially appear as a localized grievance, while the manipulation of code

The post ShadowLink Exposed: How Your Home Router Became a Puppet for Corporate Supply Chain Attacks appeared first on Penetration Testing Tools.

Cybercriminals have found a new way to sneak malware past traditional security filters by hijacking a legitimate AI workflow automation tool called n8n. Rather than building their own infrastructure from scratch, these threat actors are turning a productivity platform into a weapon, using it to send phishing emails and deliver dangerous payloads directly to victims’ […]

The post Hackers Abuse n8n AI Workflow Automation to Deliver Malware Through Trusted Webhooks appeared first on Cyber Security News.

Nginx has inaugurated the stable 1.30.0 release, successfully concluding an extensive developmental cycle within the 1.29.x branch. This

The post Next-Gen Performance: NGINX 1.30.0 Stable Arrives with HTTP/2 Backend & Early Hints appeared first on Penetration Testing Tools.

AppMagic 的数据显示，2026 年 2 月全世界收入最高的 15 款手游中有 7 款来自中国，这些游戏的内购在一个月内产生了 6.68 亿美元的收入。Playrix、King、Roblox Corporation 和 Supercell 等西方公司仍然能跻身全球收入最高的 10 大手游发行商榜单，但它们的成功源于老游戏。2025 年收入排名前 15 的新游戏中没有一款来自西方游戏工作室。2025 年中国游戏在海外市场的收入达到 205 亿美元，连续第十年实现增长，连续第二年保持两位数增长。这种现象并非偶然，也并非仅仅因为中国市场庞大，中国手游的全球支配地位是循序渐进建立起来的。这一切源自本世纪初，当时中国的 PC 游戏盗版猖獗，买断制游戏模式难以维系，因此中国游戏公司转向了免费内购模式，在手游逐渐流行时，中国游戏公司对玩家付费心理的理解领先世界十年，并至今影响着他们的运营模式。2025 年中国手游活跃玩家 7.72 亿，手游收入占到了游戏市场总收入 501 亿美元的 73.29%，巨大的竞争压力促使中国游戏公司转向海外市场，首先是 4X 策略游戏，然后是中核（Mid-core）游戏，曾经的西方强项益智、合并和消除类游戏也逐渐被中国公司吞食。中国公司拥有西方公司所不具备的结构性优势：庞大且地域集中的人才库；对轮班制工作的文化接受度；员工纪律性强且易于替代；规模化生产后单位劳动力成本更低；以及对庞大团队和快速重组的容忍度。西方公司无法长期安排多个轮班以满足全天候实时运营的需求，无法将团队规模扩大到数千人，无法以工业化速度招聘和重组，没办法在这方面与中国公司展开竞争。中国公司对市场的反应无人能及，前一天 TikTok 上流行的梗（meme）可能第二天就出现在游戏关卡里。中国公司凭借组织规模取胜，西方公司只能依靠组织和创意的精准性取胜。

好的，我现在要帮用户总结这篇文章的内容，控制在100字以内。首先，我需要通读文章，抓住主要信息点。 文章主要讲的是中国手游在全球市场的崛起。数据显示，2026年2月全球收入最高的15款手游中，有7款来自中国，内购收入高达6.68亿美元。西方公司如Playrix、King等虽然还在前十榜单中，但他们的成功依赖于老游戏。2025年的新游戏中没有一款来自西方工作室。 此外，2025年中国游戏在海外市场的收入达到205亿美元，连续十年增长，并且连续两年保持两位数增长。这背后的原因包括中国公司在免费内购模式上的先发优势，对玩家付费心理的理解领先世界十年。中国手游活跃玩家数量庞大，收入占比高，竞争压力促使他们走向海外市场。 中国公司还拥有结构性优势：人才库庞大且集中、接受轮班制工作、员工纪律性强、成本低、团队规模大且能快速重组。这些优势使得西方公司难以竞争。中国公司能迅速反应市场变化，比如将TikTok上的梗快速融入游戏。 总结下来，文章的核心是：中国手游通过模式创新和结构性优势，在全球市场占据主导地位，并持续增长。 中国手游在全球市场占据主导地位，2026年收入最高的15款手游中有7款来自中国。西方公司依赖老游戏维持地位，而中国游戏凭借免费内购模式和对玩家心理的深刻理解迅速崛起。2025年中国手游海外收入达205亿美元，连续十年增长。中国公司在人才、组织规模和快速反应方面具有结构性优势。

Популярный инструмент для веб-мастеров nginx-ui открыт для взлома.