Aggregator

技术岗直投

看雪论坛作者ID：不歪

A vulnerability described as critical has been identified in techjewel FluentCRM Plugin up to 2.9.87 on WordPress. The impacted element is the function _fc_bounce_key. Such manipulation of the argument SubscribeURL leads to server-side request forgery. This vulnerability is traded as CVE-2026-7798. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in jetmonsters MotoPress Hotel Booking Plugin up to 6.0.1 on WordPress. The affected element is an unknown function. This manipulation causes missing authorization. This vulnerability appears as CVE-2026-8684. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data. The issues, disclosed on May 20, 2026, include three tracked vulnerabilities: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240. Splunk AI Toolkit Access Flaw (CVE-2026-20238) A medium-severity flaw […]

The post Splunk Patches Multiple Vulnerabilities that Enable DOS Attacks and Expose Sensitive Data appeared first on Cyber Security News.

A vulnerability labeled as critical has been found in TeamViewer DEX up to 9.1. Impacted is an unknown function of the component Backend API Endpoint. The manipulation results in missing authorization. This vulnerability is reported as CVE-2026-8381. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in metaphorcreations Ditty Plugin up to 3.1.65 on WordPress. This issue affects the function init of the component AJAX Endpoint. The manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-9011. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in cssigniterteam AudioIgniter Music Player Plugin up to 2.0.2 on WordPress. This vulnerability affects the function handle_playlist_endpoint of the file /audioigniter/playlist/. Executing a manipulation can lead to authorization bypass. This vulnerability is registered as CVE-2026-8679. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in smub Slider by Soliloquy Plugin up to 2.8.1 on WordPress. It has been rated as problematic. This affects the function map_meta_cap of the component Configuration Handler. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-7636. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in registrationformbuilder Vedrixa Forms Plugin up to 1.1.1 on WordPress. It has been declared as critical. Affected by this issue is the function wp_localize_script of the component Shortcode Handler. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-8692. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in kasparsd Widget Context Plugin up to 1.3.3 on WordPress. It has been classified as problematic. Affected by this vulnerability is the function save_widget_context_settings of the file /wp-admin/widgets.php. This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2026-7615. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

一天前这颗大脑还在一个活人身上。如今在其主人去世数小时后，它静静地躺在一辆小推车上。车上布满了管道，向这个器官内泵入数升的血液替代品和其它液体，为其输送氧气并排出代谢废物。它的大部分核心功能都完好无损，但其电活动已被麻醉剂压制，使这颗大脑处于一种介于生死之间的游离状态。随着它代谢着实验性药物，传感器实时记录着其反应，捕捉关于细胞、蛋白质和生理机能的数百个数据点。24 小时后，它将被切成数百个碎片，以进行更深入的研究。它是生物创业公司 Bexorg 使用脑维持设备 BrainEx 培养和研究的逾七百颗大脑之一，被用于深入理解潜在疗法在患有帕金森、阿尔茨海默或肌萎缩侧索硬化症等神经退行性疾病大脑中的作用机制。Bexorg 能对大脑进行活检，了解药物在细胞中停留的时间、是否靶向其分子靶点以及是否存在任何副作用。Bexorg 认为它的系统能提供比实验室动物或培养皿细胞更接近真实情况的药物测试条件。Bexorg 此前一直保持低调，但最近在扩大规模，邀请了记者参观其实验室，试图向公众保证，脱离人体的大脑不会触犯伦理底线，也不会有恢复意识的风险。

Yaklang 原生编译与混淆落地

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation risks. The flaw, tracked as CVE-2026-34926, affects on-premise deployments of Trend Micro Apex One and could allow attackers to tamper with endpoint security systems. CVE-2026-34926 […]

The post CISA Warns of Trend Micro Apex One Vulnerability Exploited in Attacks appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit vulnerabilities to CISA. Email submissions remain available at [email protected] for organizations and individuals who prefer that route. “Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting … More →

The post CISA’s new KEV nomination form opens reporting to vendors and researchers appeared first on Help Net Security.

Поддельный архив надёжно усыпляет бдительность и виртуозно заметает следы атаки.

The FBI has issued a new cybersecurity warning about a rapidly emerging phishing-as-a-service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users to steal access tokens and bypass multi-factor authentication (MFA). Kali365 is being distributed primarily through Telegram channels, where threat actors can subscribe to the service and launch phishing campaigns with minimal […]

The post FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA appeared first on Cyber Security News.

“CCF-INFORSEC网络空间安全前沿创新论坛”将于明日在中国科学院计算技术研究所一层报告厅举办，欢迎参会！

AI安全目前过度依赖静态配置与清单检查，如同早期杀毒软件时代。行业亟需转向行为监测，避免重演终端安全的盲点与被动。