Aggregator

A vulnerability was found in Stop User Enumeration Plugin up to 1.7.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /wp-json/wp/v2/users/ of the component REST API. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2025-4302. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Одно посещение заражённого сайта — и хакеры уже в вашей системе.

传统VPN远程访问方案曾一度领先，如今却成了安全风险、网络瓶颈和用户体验的绊脚石。

A Veeam survey found that 96% of financial services organizations believe their current levels of data resilience falls short of DORA compliance, citing major challenges

Cybersecurity researchers have identified an emerging attack campaign where threat actors are weaponizing Scalable Vector Graphics (SVG) files to deliver sophisticated JavaScript-based redirect attacks. This technique exploits the inherent trust placed in image formats, allowing malicious actors to embed obfuscated JavaScript within seemingly harmless vector graphics files that execute automatically when opened in web browsers. […]

The post Weaponizing SVG: How Threat Actors Embed Malicious JavaScript in Vector Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #616224 / VDB-114363

The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three previously undocumented Chinese state-sponsored threat actors. "Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well

Submit #616168 / VDB-177963

Submit #615671 / VDB-240804

UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit […]

美国时间周三凌晨 2:30 (06:30 UTC)，SpaceX 在佛罗里达州卡纳维拉尔角太空军基地使用 Falcon 9 火箭发射了亚马逊的 24 颗宽带卫星，亚马逊的宽带卫星网络 Project Kuiper 设计与 SpaceX 的宽带卫星 Starlink 进行竞争，不过 Starlink 在轨卫星已有数千颗，而 Project Kuiper 至今只有 78 颗。完整的 Project Kuiper 网络将有 3232 颗。Kuiper 卫星造价昂贵，预计项目总费用 165-200 亿美元，其中发射一项将耗费 100 亿美元，亚马逊已经预定了超过 80 次发射合同，迫不得已它只能求助于竞争对手 SpaceX。

Машины уже не ждут помощи, они сами себе доктор и строитель.

Google’s Threat Intelligence Group (GTIG) has uncovered a sophisticated cyberattack campaign targeting end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances, where threat actors are exploiting previously stolen credentials and deploying a new rootkit called OVERSTEP. The financially motivated group, tracked as UNC6148, has been operating since at least October 2024 and is suspected of […]

The post 0-Day RCE Flaw in SonicWall SMA Devices Exploited to Launch OVERSTEP Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Socure launched Workforce Verification solution to address the growing threat of employee fraud. Socure’s Workforce Verification adapts its enterprise-grade identity verification and fraud prevention specific to hiring workflows, detecting manipulated or fabricated identities before they enter organizations and addressing workforce risk at its source: identity. “Identity fraud is no longer confined to the consumer realm, it’s infiltrating the workforce at an accelerating rate and has become a foundational risk to cybersecurity, compliance, and organizational trust … More →

The post Socure Workforce Verification detects manipulated or fabricated identities appeared first on Help Net Security.

我国是全球最大的农业塑料使用国，2022 年农业薄膜使用量达 134 万吨，覆盖面积超 1750 万公顷。地膜能调节土壤温湿度、抑制杂草虫害、减少化肥农药使用，甚至提升微生物多样性；在甘肃等干旱地区，地膜覆盖可使作物增产超 180%，相当于多开发了近 400 万公顷耕地。但长期使用和不当处理后，残留的塑料会破坏土壤结构、释放化学添加剂，甚至通过“土壤-作物-人体”链条传递风险。减少薄膜使用和推广可降解地膜面临很多挑战。可降解地膜的降解效果受土壤条件影响大，且成本高、农民接受度低；回收环节则因地膜破碎率高、处理成本大，依赖政府补贴难以持续。研究人员建议建立全国统一管理框架，结合区域特点制定差异化策略。

Legit Security announced enhanced capabilities for significant code change and workflow orchestration within its platform. These capabilities provide insight into changes in code, configuration, or infrastructure that can impact an application’s security or compliance posture. With visibility into where everyday code changes are occurring and the appropriate workflows to resolve them, AppSec and development teams can overcome the challenges of disconnected tool sprawl, duplicate alerts, remediation without context, and hidden or unnoticed code. Detecting, documenting, … More →

The post Legit Security delivers automated security reviews for AppSec and development teams appeared first on Help Net Security.

Вчера — рост на 30%, сегодня — убытки по 300 млн.

CSOP 2025·北京站 亮点前瞻

Akeyless has launched Akeyless SecretlessAI, a solution purpose-built to secure AI agents and Model Context Protocol (MCP) servers. As enterprises accelerate AI adoption, these autonomous systems are increasingly entrusted with accessing sensitive data, APIs, and internal tools to fulfill their tasks. This shift demands a new security paradigm — one that protects machine-to-machine communication at scale, without compromising agility or trust. AI agents now operate in dynamic, distributed environments and frequently act on behalf of … More →

The post Akeyless SecretlessAI protects machine-to-machine communication appeared first on Help Net Security.