Aggregator

本文讨论内容：制定面向小微企业的规范性法律文件时，需要排除的主要考虑

至少12家公司的Snowflake云数据平台遭到数据窃取，部分还受到数据勒索

A vulnerability, which was classified as critical, was found in Checkmk up to 2.5.0b3. Affected is an unknown function of the component Monitoring Quicksearch. Executing a manipulation can lead to improper neutralization of delimiters. This vulnerability is handled as CVE-2026-33455. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Checkmk up to 2.3.0p46/2.4.0p25/2.5.0b3. This impacts an unknown function of the component Livestatus Command Handler. Performing a manipulation of the argument service name results in improper neutralization of delimiters. This vulnerability is known as CVE-2026-33457. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Checkmk up to 2.4.0p25/2.5.0b3. This affects an unknown function of the component Notification Test Page. Such manipulation leads to improper neutralization of delimiters. This vulnerability is traded as CVE-2026-33456. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

CCF网络与系统安全大会由两院院士领衔、CCF网络与系统安全专委会牵头，是我国网络与系统安全领域的高水平学术盛会。大会设立数十场专题论坛，聚焦前沿成果与产业创新，为筑牢数字中国底座集智赋能。目前，专题论坛征集工作已全面启动。

Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials. Once malware gains access to a machine, it can read the local files and memory where browsers store authentication cookies. What DBSC does Google’s Device Bound Session Credentials (DBSC) is now entering public availability for … More →

The post To counter cookie theft, Chrome ships device-bound session credentials appeared first on Help Net Security.

电子前哨基金会（EFF）宣布退出 X/Twitter 平台，原因可能是 X 平台的算法在马斯克（Elon Musk）治下更倾向于传播右翼内容，导致立场倾向于左翼的数字权利组织 EFF 的内容曝光度大幅下降。EFF 称它每天在 X/Twitter 上发表 5-10 条推文， 2018 年这些推文月曝光量能达到 5000 万到 1 亿次，2024 年它共发表了 2500 条推文月曝光量仅为 200 万次，2025 年共发表了 1500 条推文，全年曝光量仅为 1300 万次。今天 EFF 一则推文的曝光量仅为 7 年前的 3%。EFF 称，它在 Facebook、Instagram、YouTube 和 TikTok 上有账号并不代表认可这些平台，而是为了接触这些平台的用户。它会继续通过 Bluesky、Mastodon、LinkedIn、Instagram、TikTok、Facebook、YouTube 和 eff.org 等平台和网站继续抗争，只是不再通过 X 平台。

Cybersecurity researchers have identified five distinct security flaws in the TP-Link Archer AX53 v1.0 router. Tracked under multiple CVE identifiers, these vulnerabilities impact the router’s core modules, including OpenVPN, dnsmasq, and tmpServer. When exploited, these flaws allow attackers on the same network to execute system commands, cause system crashes, and steal sensitive configuration files, ultimately […]

The post Multiple TP-Link Vulnerabilities Allow Attackers to Seize Control of the Device appeared first on Cyber Security News.

Национальный центр суперкомпьютеров в Тяньцзине мог стать целью масштабной атаки.

A vulnerability has been found in BadgeOS Plugin up to 3.7.1.6 on WordPress and classified as problematic. This affects an unknown part of the component Shortcode Handler. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2023-2171. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as problematic has been found in MailArchiver Plugin up to 2.10.1 on WordPress. Affected is an unknown function of the component Email Subject Handler. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2023-3136. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Real Estate Manager Plugin up to 6.7.1 on WordPress and classified as critical. Affected is an unknown function of the component Usermeta Update Handler. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2023-4239. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as problematic has been reported in Absolute Privacy Plugin up to 2.1 on WordPress. This impacts an unknown function of the component Password Change Handler. Performing a manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2023-4276. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in Realia Plugin up to 1.4.0 on WordPress. Affected is an unknown function of the component Email Handler. Executing a manipulation can lead to cross-site request forgery. This vulnerability is tracked as CVE-2023-4277. The attack can be launched remotely. No exploit exists.

A vulnerability was found in EmbedPress Plugin up to 3.8.2 on WordPress and classified as critical. Impacted is the function admin_post_remove/remove_private_data of the component Setting Handler. Executing a manipulation can lead to missing authorization. This vulnerability appears as CVE-2023-4282. The attack may be performed from remote. There is no available exploit.

A vulnerability labeled as problematic has been found in InfiniteWP Client up to 1.11.1 on WordPress. This impacts an unknown function. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2023-2916. The attack may be launched remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in Comments Like Dislike Plugin up to 1.1.9 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2023-3244. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Charitable Donation Forms Plugin up to 1.7.0.12 on WordPress. The affected element is the function update_core_user. The manipulation of the argument role results in improper privilege management. This vulnerability is reported as CVE-2023-4404. The attack can be launched remotely. No exploit exists.