Aggregator

A vulnerability classified as problematic has been found in Injection Guard Plugin up to 1.2.7 on WordPress. This affects an unknown part. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8046. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP Shopify Plugin up to 1.5.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-7808. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Quiz and Survey Master Plugin up to 10.2.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-6790. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Structured Content wpsc Plugin up to 1.6.x on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-3414. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Zelle Provider Allowed $1 Billion of Fraudulent Transactions, Prosecutors Say
The state of New York is suing the privately held fintech company behind the Zelle money transfer system in a complaint that alleges years of poor cybersecurity and protections against fraud. The New York complaint targets Early Warning Services, the company behind the money transfer app.

Congress Pressed to Fund Federal Court System Cyber Upgrades Amid Escalating Risks
A breach of the U.S. national court filing system intensified concerns over the federal judiciary's cybersecurity, with critics urging reforms and congressional funding to close gaps that could expose sealed cases, confidential informants and other sensitive information.

HHS Says New FAQs Support HHS' 'Make Health IT Great Again' Interoperability Effort
Federal regulators issued updated HIPAA privacy rule guidance that aims to clarify when patients' protected health information can be shared with value-based care organizations, and also the types of health records that patients have a right to access upon request. Does it cover any new ground?

Majority of Attacks Target Operational Technology Networks
Exploitation attempts against a severe vulnerability in a runtime system widely deployed in operational technology environments spiked globally in the days after open-source maintainers of the Erlang/OTP project published a patch. Attackers could take full control of systems.

挪威反情报机构负责人 Beate Gangaas 周三表示，俄罗斯黑客今年四月七日短暂控制了一座位于 Bremanger 的水坝，打开了泄洪闸，四个小时后攻击被发现而停止。挪威大部分电力来自水电，情报部门此前曾警告其能源基础设施可能遭受攻击。Gangaas 说，此类攻击的目的是影响民众，在民众中制造恐惧和混乱，我们的俄罗斯邻居变得更危险了。俄罗斯驻奥斯陆大使馆表示，她的声明毫无根据并带有政治动机。

Google实施新政策，在15个司法管辖区要求加密货币交易所和钱包应用开发者获得政府许可。美国联邦调查局警告加密货币诈骗，骗子冒充律师或政府机构进一步诈骗受害者。

Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to "ensure a safe and compliant ecosystem for users." The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South Korea, Switzerland, Thailand,

Positive Technologies: APT-группировки стали чаще использовать фишинг даже в сложных атаках.

Out-of-bounds read and write vulnerabilities represent critical security vulnerabilities that occur when software accesses memory locations beyond the allocated boundaries of data structures such as arrays, buffers, or other memory regions. These vulnerabilities can lead to information disclosure, system crashes, and in severe cases, arbitrary code execution that allows attackers to gain unauthorized control over […]

The post What Is Out-of-Bounds Read and Write Vulnerability? appeared first on Cyber Security News.

深圳第三家Apple Store即将于8月16日在前海壹方城开业，采用Vintage E设计强调环保与无障碍体验，并设Apple Vision Pro专属体验区。

A vulnerability classified as problematic has been found in Huawei HarmonyOS 5.0.1/5.1.0. This affects an unknown part of the component Location Service. The manipulation leads to type confusion. This vulnerability is uniquely identified as CVE-2025-54649. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0. It has been classified as critical. Affected is an unknown function of the component Kernel Hufs Module. The manipulation leads to race condition. This vulnerability is traded as CVE-2025-54651. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Adobe Illustrator up to 28.7.8/29.6.1. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-49563. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Illustrator up to 28.7.8/29.6.1. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-49564. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-8795. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.