Aggregator
火绒个人版6.0功能升级 | 右键管理、系统加固优化
2 days 10 hours ago
火绒个人版6.0功能升级 | 右键管理、系统加固优化
编程AI的“相爱相杀”:谁更懂我的心?
2 days 10 hours ago
本文所呈现之内容,皆为本人在使用AI工具过程中的实际体验与对效果的客观描述,旨在分享使用感受与技术探索。
What the post-quantum executive order really demands of CISOs
2 days 10 hours ago
With federal PQC deadlines set for 2030 and 2031, CISOs face a multi-year transformation program that most organizations have not yet started. The window for orderly execution is narrowing fast.
The post What the post-quantum executive order really demands of CISOs appeared first on CyberScoop.
Greg Otto
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel
2 days 11 hours ago
Ukraine’s SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has formally exposed a sustained Russian intelligence campaign targeting the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States. […]
Pierluigi Paganini
CVE-2026-9676 | F4 Post Tree Plugin up to 2.0.4 on WordPress AJAX Action authorization (EUVD-2026-40040)
2 days 11 hours ago
A vulnerability has been found in F4 Post Tree Plugin up to 2.0.4 on WordPress and classified as critical. The impacted element is an unknown function of the component AJAX Action Handler. Performing a manipulation results in missing authorization.
This vulnerability is identified as CVE-2026-9676. The attack can be initiated remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
Inside the inbox: Why cybercriminals want to break into your email account
2 days 11 hours ago
Your inbox is an identity system all of its own: whoever owns it may own a lot more
«Радар РФ» оказался ловушкой: мошенники запустили сеть фейковых сайтов оповещения о дронах
2 days 11 hours ago
Аферисты используют страх перед БПЛА, чтобы выманить звонок жертвы.
Hacking World・跨界极客沙龙|本周六深圳南山聚橙剧院见!
2 days 11 hours ago
7 月 4 日,腾讯安全沙龙第 9 期深圳站,等你来~
Amazon 的AI编程助手高危漏洞可导致代码执行和敏感云环境访问
2 days 11 hours ago
速修复
DirtyClone: Linux 内核新漏洞,通过克隆的数据包获得根权限
2 days 11 hours ago
速修复
Pedit COW:通过投毒缓存二进制,获得根权限
2 days 11 hours ago
速修复
Happ вернулся в российский App Store под новым именем
2 days 11 hours ago
VPN-клиент снова появился в магазине Apple после удаления по требованию Роскомнадзора, но доступность может оказаться недолгой.
因网安与信息化问题,多家中央部门单位被国家审计署点名
2 days 11 hours ago
运营商巨头重大数据泄露:超1420万用户邮箱密码遭窃取
2 days 11 hours ago
暴露规模近年罕见
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
2 days 11 hours ago
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud.
The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.
The Hacker News
CVE-2026-10083 | APCu Manager Plugin up to 4.4.x on WordPress cross site scripting (EUVD-2026-40039)
2 days 11 hours ago
A vulnerability, which was classified as problematic, was found in APCu Manager Plugin up to 4.4.x on WordPress. The affected element is an unknown function. Such manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2026-10083. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2025-7386 | Hitachi Virtual Storage Platform VX7 insufficiently protected credentials (EUVD-2025-210366)
2 days 11 hours ago
A vulnerability, which was classified as problematic, has been found in Hitachi Virtual Storage Platform 5100, Virtual Storage Platform 5200, Virtual Storage Platform 5500, Virtual Storage Platform 5600, Virtual Storage Platform 5100H, Virtual Storage Platform 5200H, Virtual Storage Platform 5500H, Virtual Storage Platform 5600H, Virtual Storage Platform VX8, Virtual Storage Platform G1000, Virtual Storage Platform G1500, Virtual Storage Platform F1500 and Virtual Storage Platform VX7. Impacted is an unknown function. This manipulation causes insufficiently protected credentials.
The identification of this vulnerability is CVE-2025-7386. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-2902 | Hitachi Virtual Storage Platform F900 authorization (EUVD-2025-210368)
2 days 11 hours ago
A vulnerability classified as critical was found in Hitachi Virtual Storage Platform E390, Virtual Storage Platform E590, Virtual Storage Platform E790, Virtual Storage Platform E990, Virtual Storage Platform E1090, Virtual Storage Platform E390H, Virtual Storage Platform E590H, Virtual Storage Platform E790H, Virtual Storage Platform E1090H, Virtual Storage Platform 5100, Virtual Storage Platform 5500, Virtual Storage Platform 5100H, Virtual Storage Platform 5500H, Virtual Storage Platform 5200, Virtual Storage Platform 5600, Virtual Storage Platform 5200H, Virtual Storage Platform 5600H, Virtual Storage Platform G130, Virtual Storage Platform G150, Virtual Storage Platform G350, Virtual Storage Platform G370, Virtual Storage Platform G700, Virtual Storage Platform G900, Virtual Storage Platform F350, Virtual Storage Platform F370, Virtual Storage Platform F700 and Virtual Storage Platform F900. This issue affects some unknown processing. The manipulation results in missing authorization.
This vulnerability was named CVE-2025-2902. The attack may be performed from remote. There is no available exploit.
vuldb.com
FBI Sounds Alarm Over Russian Intelligence Signal Phishing
2 days 11 hours ago
The FBI claims Russian spies are targeting Signal backup keys