Aggregator

CVE-2025-7641 | Assistant for NextGEN Gallery Plugin up to 1.0.0/1.0.9 on WordPress REST Endpoint control improper authorization (EUVD-2025-25004)

4 weeks 2 days ago

A vulnerability was found in Assistant for NextGEN Gallery Plugin up to 1.0.0/1.0.9 on WordPress. It has been classified as critical. This vulnerability affects unknown code of the file /wp-json/nextgenassistant/v1.0.0/control of the component REST Endpoint. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-7641. The attack can be initiated remotely. There is no exploit available.

vuldb.com

Scammers turn to ‘ghost-tapping’ retail fraud to launder funds

The Record

4 weeks 2 days ago

A new report described how criminals use “ghost-tapping” — when stolen payment card details are uploaded onto a burner phone and used in-person to purchase goods.

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

Security Affairs

4 weeks 2 days ago

PhantomCard, an NFC-driven Android Trojan in Brazil, relays card data to fraudsters, spread via fake Google Play “card protection” apps. ThreatFabric warns of PhantomCard, a new Android NFC-driven trojan targeting Brazilian banking customers and possibly expanding globally. The malicious code is based on Chinese NFC relay Malware-as-a-Service, it relays victims’ card data to fraudsters for cash-out. The […]

Pierluigi Paganini

安全智能体引领防御变革 ISC.AI 2025论坛呈现多维度实践成果

安全客

4 weeks 2 days ago

安全客

Google Flights 推出全新 AI 工具，可寻找最低机票价格助力行程轻松规划

安全客

4 weeks 2 days ago

安全客

AI应用如何落地政企？首先不要卷通用大模型

安全客

4 weeks 2 days ago

安全客

Netflix招聘骗局：借虚假职位窃取用户Facebook登录数据

安全客

4 weeks 2 days ago

安全客

WordPress 插件曝RCE高危漏洞（CVE-2025-7384，CVSS 9.8），逾 7 万网站面临数据泄露与破坏风险

安全客

4 weeks 2 days ago

安全客

CISA警告：N-able N-central 平台漏洞被用于零日攻击

安全客

4 weeks 2 days ago

安全客

不再具有防网络钓鱼功能？新型降级攻击可绕过 FIDO 密钥验证

安全客

4 weeks 2 days ago

安全客

Booking.com网络钓鱼活动使用隐蔽的"ん"字符进行欺诈

安全客

4 weeks 2 days ago

安全客

PS1Bot 恶意软件活动升级：模块化 PowerShell 框架现身，暗藏新型隐蔽手法

安全客

4 weeks 2 days ago

安全客

DeepSeek обнулила месяцы работы: один сбой в чипах Huawei погубил весь прогресс R2

Securitylab.ru

4 weeks 2 days ago

Когда “в два раза быстрее” значит “мы так и не закончили".

Accelerating Threat-Led Defense with Tidal Cyber + ThreatConnect

Security Boulevard

4 weeks 2 days ago

Today, cybersecurity programs must go beyond deploying tools. They need to seamlessly integrate threat intelligence into every stage of defensive security for immediate operational impact. Tidal Cyber's Threat-Led Defense Platform includes a deep well of Cyber Threat Intelligence (CTI), all aligned with MITRE ATT&CK® TTPs, enabling you to determine whether your organization can defend against the latest threats. This is bolstered through a strategic integration with ThreatConnect RQ, which provides cyber risk quantification, to expand the knowledge base of threats visible to Tidal Cyber users.

The post Accelerating Threat-Led Defense with Tidal Cyber + ThreatConnect appeared first on Security Boulevard.

Tidal Cyber

思科披露重大RCE漏洞（CVE-2025-20265，CVSS 10）：未认证攻击者可劫持防火墙

安全客

4 weeks 2 days ago

安全客

Cisco discloses maximum-severity defect in firewall software

CyberScoop

4 weeks 2 days ago

The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands.

The post Cisco discloses maximum-severity defect in firewall software appeared first on CyberScoop.

Matt Kapko

德国最高法院部分推翻广告屏蔽工具不侵犯版权判决

Solidot

4 weeks 2 days ago

德国出版商 Axel Springer 起诉广告屏蔽工具 Adblock Plus 开发商 Eyeo 一案已持续了十多年，基本上 Eyeo 一直是胜诉。2022 年汉堡上诉法院裁定 Adblock Plus 未侵犯网站版权，它被认为只是给予用户选择浏览器如何渲染页面。但今年 7 月 31 日，德国联邦最高法院部分推翻了汉堡法院的判决，将案件发回重审。Mozilla 官方博客发表声明，对此表达了关注，希望德国不会成为中国之后第二个禁止广告屏蔽工具的司法管辖区。北京火狐公司管理 Firefox 期间曾限制中国地区用户安装广告屏蔽扩展。