Aggregator

A vulnerability has been found in elzahlan Categories Images Plugin up to 3.3.1 on WordPress and classified as problematic. Affected by this vulnerability is the function z_taxonomy_image of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-2505. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in vanderwijk Content Blocks Plugin up to 3.3.9 on WordPress. Affected is the function content_block of the component Custom Post Widget. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-0894. The attack can be launched remotely. No exploit exists.

4月17日，第二届腾讯云黑客松智能渗透挑战赛初赛正式结束，恭喜脱颖而出的优秀战队！

市场监管总局发表公告，对上海寻梦信息技术有限公司（拼多多）、北京三快科技有限公司（美团）、北京京东叁佰陆拾度电子商务有限公司（京东）、上海拉扎斯信息科技有限公司（原饿了么，现淘宝闪购）、北京抖音科技有限公司（抖音）、浙江淘宝网络有限公司（淘宝）、浙江天猫网络有限公司（天猫）等7家电商平台“幽灵外卖”系列案，依据《中华人民共和国食品安全法》第一百三十一条、《中华人民共和国电子商务法》第八十三条的规定作出行政处罚决定，责令7家电商平台改正违法行为，暂停新增蛋糕店铺 3 至 9 个月不等，并处以罚没款共计 35.97 亿元。同时，依据《中华人民共和国食品安全法实施条例》第七十五条的规定，对 7 家平台企业法定代表人和食品安全总监合计处以罚款 1968.74 万元。其中拼多多被罚 1521930222.91元——即 15.2 亿。

A Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a Mirai variant called Nexcorium. “IoT devices are increasingly prime targets for […]

关键词供应链安全美国政府正计划授权主要联邦机构使用Anthropic公司Claude Mythos模型的修改版

关键词漏洞微软已修复Windows截图工具中一个中危安全漏洞，该漏洞可能被恶意攻击者利用来窃取用户凭证。

关键词漏洞网络安全研究人员发现，近期泄露的三个Windows Defender提权漏洞正遭实际攻击利用。

В Visual Studio 18.5 появился «автопилот» для отладки, но за экономию времени придется платить.

看雪论坛作者ID：LeoChen..

涵盖百万级安全从业者资源

本文摘选自Halvar Flake的一篇文章，书评：《这就是他们告诉我世界将如何终结》。

Freelance service platform Fiverr is facing a significant privacy incident after researchers discovered that sensitive customer files are publicly accessible and indexed by Google search. According to a recent disclosure on Hacker News, an insecure file-hosting configuration has exposed personal identifiable information (PII), including completed tax forms, that were exchanged between freelancers and clients. The […]

The post Fiverr Allegedly Leaks User Information to Google Indexing, Researchers Say appeared first on Cyber Security News.

Детекторы годами игнорировали грубость генеративных алгоритмов. Пора это исправить.

In boardroom discussions, data breaches are typically evaluated through the lens of financial impact, regulatory exposure, and operational disruption. While these factors are critical, they often overshadow a more fundamental concern: the consumer. Every piece of personal data collected by an organization represents a relationship built on trust. When that data is mishandled, exposed, or […]

The post Ignoring DPDP Compliance? Here’s the Risk to Your Organization appeared first on Kratikal Blogs.

The post Ignoring DPDP Compliance? Here’s the Risk to Your Organization appeared first on Security Boulevard.

A new iteration of the notorious Mirai botnet, dubbed Nexcorium, has emerged in the wild, aggressively targeting internet-connected video recording devices. According to recent threat research published by Fortinet’s FortiGuard Labs, threat actors are exploiting a known command injection vulnerability to hijack TBK DVR systems and construct a large-scale Distributed Denial-of-Service (DDoS) botnet. Fortinet researchers […]

The post Nexcorium-Associated Mirai Variant Uses TBK DVR Exploit to Scale Botnet Operations appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in Zebra. This impacts an unknown function of the component Cached Mempool Verification. Performing a manipulation results in comparison using wrong factors. This vulnerability is identified as CVE-2026-40880. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Zebra. This affects an unknown function of the component addr Message Handler. Such manipulation leads to resource consumption. This vulnerability is referenced as CVE-2026-40881. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most

Некогда сложные правила заменили на интуитивно понятный конструктор.