Aggregator

ARG 即侵入现实游戏（Alternate Reality Game），是一种基于现实世界，融合各种多媒体（如网站、电话、社交媒体等）技术的互动式解谜游戏。由于其与现实的高度结合所带来的沉浸感，一直以

A vulnerability was found in Autoptimize Plugin up to 3.1.14 on WordPress. It has been classified as problematic. This impacts an unknown function of the component Regular Expression Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-3220. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Ajax Load More Plugin up to 7.8.3 on WordPress and classified as problematic. This affects an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-6495. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

The development framework Next.js has remediated a critical security vulnerability, designated as CVE-2026-44578, which afflicts applications deployed on

The post Open Proxy Risk: High-Severity Next.js SSRF Flaw Exposes Cloud Metadata Endpoints appeared first on Penetration Testing Tools.

A vulnerability has been found in WP Photo Album Plus Plugin 9.1.11.0 on WordPress and classified as critical. The impacted element is an unknown function. Performing a manipulation results in sql injection. This vulnerability is reported as CVE-2026-6379. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Feeds for YouTube Plugin up to 2.6.3 on WordPress. The affected element is the function actions of the component License Key Handler. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2026-1631. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

«Деньги не тронем. Пока что» — обещает OpenAI.

The Federal Bureau of Investigation (FBI) has executed a remote reset of thousands of domestic and small-office routers

The post Operation Masquerade: FBI Executes Remote Reset on Thousands of Routers to Purge Russian Malware appeared first on Penetration Testing Tools.

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. "Fast16's hook engine is selectively interested in

Industrial Sabotage / MalwareA new analysis of the Lua-based fast16 malware has confirmed that it

WordPress websites have once again fallen under siege due to a critical flaw in a popular extension. On

The post Under Siege: Critical Auth Bypass Flaw in Burst Statistics Plugin Puts 115,000+ WordPress Sites at Risk appeared first on Penetration Testing Tools.

AMD Mesa 驱动开发者 Marek Olšák 更新了个人资料，显示他正为 Valve 工作。Marek 是资深 Linux GPU 驱动开发者，长期致力于 AMD Mesa 驱动开

AMD Mesa 驱动开发者 Marek Olšák 更新了个人资料，显示他正为 Valve 工作。Marek 是资深 Linux GPU 驱动开发者，长期致力于 AMD Mesa 驱动开发，从 R300g 时代开始参与 Mesa 项目。他最初是 Mesa 项目的独立开发者，在大学毕业后加入 AMD。十多年以来他一直是 AMD Linux Mesa 驱动的主要开发者，也是最活跃的开发者之一。现在他将代表 Valve 继续参与 Mesa 项目开发，估计薪水会更高。Valve 的 Steam Deck 和 Steam Machine 采用了定制的 AMD SoC，是 AMD 开源驱动的重要支持者。

作为人际纠纷咨询对象，年长女性往往更倾向于选择AI而非真人。日本信息经济社会推进协会结果显示，关于倾诉人际关系困扰时更倾向于选择真人还是AI的问题，47.8% 的六七十岁女性选择AI。从年轻人群等其他

A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shortly after disclosure. “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer […]

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

Microsoft has officially acknowledged a critical installation failure affecting its May 2026 Patch Tuesday cumulative update for Windows 11, KB5089549, leaving users stranded with error code 0x800f0922 and, in some cases, additional errors 0x80240069 and 0x80240031. The known issue was formally added to the update’s change log on May 15, 2026, just three days after […]

The post Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922 appeared first on Cyber Security News.

A vulnerability was found in Google Chrome on Windows. It has been rated as critical. This issue affects some unknown processing of the component WebML. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2026-8531. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.