Aggregator

A vulnerability has been found in Beaver Builder Plugin up to 2.10.1.2 on WordPress and classified as critical. Impacted is an unknown function. This manipulation causes sql injection. This vulnerability appears as CVE-2026-40744. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, was found in VillaTheme COMPE Plugin up to 1.1.4 on WordPress. This issue affects some unknown processing. The manipulation results in authorization bypass. This vulnerability is reported as CVE-2026-40737. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in Themeum Tutor LMS Plugin up to 3.9.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-40740. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in ThemeGrill Demo Importer Plugin up to 2.0.0.6 on WordPress. This affects an unknown part. Executing a manipulation can lead to missing authorization. This vulnerability is registered as CVE-2026-40730. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in Nelio AB Testing Plugin up to 8.2.8 on WordPress. Affected by this issue is some unknown functionality. Performing a manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-40742. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in BlockArt Magazine Blocks Plugin up to 1.8.3 on WordPress. Affected by this vulnerability is an unknown functionality. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-40728. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as critical has been reported in Mattermost up to 10.11.12/11.3.2/11.4.2/11.5.0. Affected is an unknown function. This manipulation causes time-of-check time-of-use. This vulnerability is tracked as CVE-2026-3590. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

ShinyHunters hackers leak 7.54 GB of Rockstar Games data from Snowflake analytics systems, confirming no player records or personal information were exposed.

4月15日，绿盟科技CERT监测到微软发布4月安全更新补丁，修复了165个安全问题，涉及Windows、Microsoft Office、Microsoft SQL Server、Microsoft .NET Framework、Azure等广泛使用的产品，其中包括权限提升、远程代码执行等高危漏洞类型。

AI辅助还原Coruna漏洞利用链混淆代码

Microsoft confirmed on Tuesday that some Windows Server 2025 devices will boot into BitLocker recovery after installing the April 2026 KB5082063 Windows security update. [...]

Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reaching over 220,000 accounts. The malicious code lets attackers fully control infected devices […]

分享一篇文章。

2026年4月15日（北京时间），微软发布了2026年4月安全更新，共发布了247个CVE的补丁程序，比上月增多了154个。

2026年4月14日，深瞳漏洞实验室监测到一则Axios组件存在服务器端伪造请求（SSRF）漏洞的信息，漏洞编号：CVE-2026-40175，漏洞威胁等级：严重。

Cybercriminals have found a quiet way to sit inside a corporate email account and read everything being sent and received — without the account owner ever knowing. Attackers are now abusing a built-in Microsoft 365 feature called mailbox rules to silently intercept business emails, redirect financial communications, and suppress security notifications, all while staying completely […]

The post Hackers Create Hidden Mailbox Rules in Microsoft 365 to Intercept Sensitive Business Emails appeared first on Cyber Security News.

История о том, как обычный маршрутизатор стал соучастником крупного преступления.

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed

In Chile, cybersecurity compliance is becoming an operational issue, not just a legal one. Under the new Cybersecurity Framework Law, organizations must show they have real capabilities for threat detection, incident analysis, and response. For many teams, that exposes a serious gap between regulatory expectations and day-to-day security operations.  Key Takeaways  The Regulatory Shift  Chile has […]

The post Chile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response Readiness appeared first on ANY.RUN's Cybersecurity Blog.

2026年2月28日，美军对伊朗发动空袭。这不是一场普通的战争。没有人在地图室里用铅笔画圈标注目标，没有人拿