Aggregator

A vulnerability has been found in Mozilla Firefox up to 148 and classified as critical. Affected is an unknown function of the component JavaScript Engine. This manipulation causes type confusion. This vulnerability is tracked as CVE-2026-4702. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as problematic was found in Mozilla Firefox up to 148. This issue affects some unknown processing of the component HTTP. Such manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2026-4700. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 148. This impacts an unknown function of the component JavaScript Engine. The manipulation results in use after free. This vulnerability is identified as CVE-2026-4701. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 148. This vulnerability affects unknown code of the component JIT. This manipulation causes type confusion. The identification of this vulnerability is CVE-2026-4698. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 148. The impacted element is an unknown function of the component Fonts. Executing a manipulation can lead to memory corruption. The identification of this vulnerability is CVE-2026-4699. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Mozilla Firefox up to 148. This vulnerability affects unknown code of the component Fonts. The manipulation results in use after free. This vulnerability is known as CVE-2026-4696. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 148. This affects an unknown function of the component Web Codecs. The manipulation leads to memory corruption. This vulnerability is referenced as CVE-2026-4697. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Mozilla Firefox up to 148. This issue affects some unknown processing of the component Web Codecs. This manipulation causes memory corruption. This vulnerability is handled as CVE-2026-4695. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

2026年4月14日，深瞳漏洞实验室监测到一则Marimo组件存在绕过认证漏洞的信息，漏洞编号：CVE-2026-39987，漏洞威胁等级：高危。

Explore the debate between "Cyber Nirvana" and the "Vulnpocalypse" as AI tools like Anthropic’s Mythos threaten to collapse the traditional security model in a "supernova" event.

The post The Treatment Was Successful. Unfortunately the Patient Died appeared first on Security Boulevard.

Вебинар Positive Technologies 16 апреля 2026 в 14:00

好的，我现在需要帮用户总结这篇文章的内容，控制在100字以内。首先，我得通读文章，抓住主要信息。文章讲的是TCL电子考虑出售印度电视制造部门的部分股份，目的是促进业务增长。他们寻求筹集至少两亿美元，目前还在初步阶段，可能不会达成交易。TCL效仿海尔的成功模式，海尔去年将印度子公司的部分股权出售给印度和美国的集团。TCL进入印度市场已有八年，希望通过这次股权转让在竞争激烈的环境中站稳脚跟。 接下来，我需要把这些信息浓缩到100字以内。重点包括：TCL考虑出售股份、筹集资金、效仿海尔、本土化合作、增强竞争力。要确保语言简洁明了，直接描述内容，不需要开头语。 可能的结构是：TCL考虑出售印度电视部门部分股权以促进增长，寻求筹资至少2亿美元。此举效仿海尔的本土化合资模式，旨在增强竞争力。 检查字数是否在限制内，并确保信息准确无误。 TCL电子考虑出售印度电视制造部门部分股权以促进业务增长，并寻求筹资至少2亿美元。此举效仿海尔的本土化合资模式，旨在增强竞争力。

内部威胁一直以来都是一个风险，但现代技术、战术和动机的演变使得这一威胁、可能性和内部相关事件的后果大幅增加。

一个印度开发团队以 Essential Plugin 的名义开发了 31 款 WordPress 插件，插件有免费版本也有付费版本。2024 年底由于收入下降了 35-45% 开发者将所有插件出售给了一个有 SEO、加密货币和赌博背景的买家，金额是六位数。2025 年 8 月 8 日买家释出了更新，其中包含了后门，但后门一直处于休眠状态。2026 年 4 月 5-6 日后门激活开始向所有运行相关插件的网站传播恶意载荷。恶意代码从指令控制服务器获取垃圾链接、重定向和虚假页面。这些垃圾信息只会显示给 Google 的机器人 Googlebot，对网站所有者不可见。WordPress.org 插件团队次日关闭了所有插件，但 SEO 垃圾信息注入攻击仍在进行中。这不是 WordPress.org 第一次遭遇模式相似的供应链攻击——收购信任插件然后注入恶意代码，它没有机制标记或审查插件所有权转移，也没有向用户发出插件所有权变更的通知，新所有者也不会触发额外的代码审查。最新攻击有数十万安装这些插件的网站受到影响。

嗯，用户让我帮忙总结一篇文章，控制在100字以内，而且不需要特定的开头。首先，我得仔细阅读文章内容，理解主要事件和关键点。 文章讲的是一个印度团队开发了31个WordPress插件，后来因为收入下降卖给了一个有不良背景的买家。买家在更新中植入后门，导致恶意代码传播，影响了数十万网站。WordPress.org虽然关闭了插件，但攻击仍在继续。 接下来，我需要提取这些关键信息：插件数量、开发者出售原因、买家背景、后门激活时间、恶意行为、受影响范围以及平台的应对措施。 然后，把这些信息浓缩成简洁的句子，确保不超过100字。要注意逻辑连贯，不遗漏重要细节。 最后，检查一下是否符合用户的要求：中文总结，直接描述内容，没有多余开头。 印度团队开发的31款WordPress插件被出售给不良买家后植入后门，在2026年4月激活恶意代码，向网站注入垃圾链接和重定向仅针对Googlebot。攻击影响数十万网站，WordPress.org关闭插件但无法阻止持续攻击。

A vulnerability described as critical has been identified in Mozilla Firefox up to 148. Impacted is an unknown function of the component Graphics. Such manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-4694. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Mozilla Firefox up to 148. This affects an unknown part of the component Design Mode. The manipulation leads to sandbox issue. This vulnerability is traded as CVE-2026-4692. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Firefox up to 148. The affected element is an unknown function of the component Playback. Performing a manipulation results in memory corruption. This vulnerability was named CVE-2026-4693. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.