Aggregator

A vulnerability categorized as problematic has been discovered in cssigniterteam AudioIgniter Music Player Plugin up to 2.0.2 on WordPress. This vulnerability affects the function handle_playlist_endpoint of the file /audioigniter/playlist/. Executing a manipulation can lead to authorization bypass. This vulnerability is registered as CVE-2026-8679. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in smub Slider by Soliloquy Plugin up to 2.8.1 on WordPress. It has been rated as problematic. This affects the function map_meta_cap of the component Configuration Handler. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2026-7636. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in registrationformbuilder Vedrixa Forms Plugin up to 1.1.1 on WordPress. It has been declared as critical. Affected by this issue is the function wp_localize_script of the component Shortcode Handler. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-8692. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in kasparsd Widget Context Plugin up to 1.3.3 on WordPress. It has been classified as problematic. Affected by this vulnerability is the function save_widget_context_settings of the file /wp-admin/widgets.php. This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2026-7615. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

一天前这颗大脑还在一个活人身上。如今在其主人去世数小时后，它静静地躺在一辆小推车上。车上布满了管道，向这个器官内泵入数升的血液替代品和其它液体，为其输送氧气并排出代谢废物。它的大部分核心功能都完好无损，但其电活动已被麻醉剂压制，使这颗大脑处于一种介于生死之间的游离状态。随着它代谢着实验性药物，传感器实时记录着其反应，捕捉关于细胞、蛋白质和生理机能的数百个数据点。24 小时后，它将被切成数百个碎片，以进行更深入的研究。它是生物创业公司 Bexorg 使用脑维持设备 BrainEx 培养和研究的逾七百颗大脑之一，被用于深入理解潜在疗法在患有帕金森、阿尔茨海默或肌萎缩侧索硬化症等神经退行性疾病大脑中的作用机制。Bexorg 能对大脑进行活检，了解药物在细胞中停留的时间、是否靶向其分子靶点以及是否存在任何副作用。Bexorg 认为它的系统能提供比实验室动物或培养皿细胞更接近真实情况的药物测试条件。Bexorg 此前一直保持低调，但最近在扩大规模，邀请了记者参观其实验室，试图向公众保证，脱离人体的大脑不会触犯伦理底线，也不会有恢复意识的风险。

Yaklang 原生编译与混淆落地

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation risks. The flaw, tracked as CVE-2026-34926, affects on-premise deployments of Trend Micro Apex One and could allow attackers to tamper with endpoint security systems. CVE-2026-34926 […]

The post CISA Warns of Trend Micro Apex One Vulnerability Exploited in Attacks appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit vulnerabilities to CISA. Email submissions remain available at [email protected] for organizations and individuals who prefer that route. “Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting … More →

The post CISA’s new KEV nomination form opens reporting to vendors and researchers appeared first on Help Net Security.

Поддельный архив надёжно усыпляет бдительность и виртуозно заметает следы атаки.

The FBI has issued a new cybersecurity warning about a rapidly emerging phishing-as-a-service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users to steal access tokens and bypass multi-factor authentication (MFA). Kali365 is being distributed primarily through Telegram channels, where threat actors can subscribe to the service and launch phishing campaigns with minimal […]

The post FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA appeared first on Cyber Security News.

“CCF-INFORSEC网络空间安全前沿创新论坛”将于明日在中国科学院计算技术研究所一层报告厅举办，欢迎参会！

AI安全目前过度依赖静态配置与清单检查，如同早期杀毒软件时代。行业亟需转向行为监测，避免重演终端安全的盲点与被动。

Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, the widely used AI and machine learning hub, effectively turning it into a malware delivery channel and a live data exfiltration […]

The post Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack appeared first on Cyber Security News.

1. Multiple Vulnerabilities in HP Linux Imaging and Printing Software Overview: Two vulnerabilities have been identified in HP Linux Imaging […]

The post Weekly Threat Landscape Digest – Week 21 appeared first on HawkEye.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-34291 (CVSS score of 9.4) is […]

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI said. … More →

The post Microsoft 365 users targeted by new phishing threat that bypasses MFA appeared first on Help Net Security.

Закрытая кабина превратилась в круглосуточный источник ценных сведений.

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. [...]

智能体安全风险实景演示！