Aggregator

A vulnerability was found in sonalsinha21 SKT Page Builder Plugin up to 4.7 on WordPress and classified as critical. This issue affects the function addLibraryByArchive. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-12848. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in stylemix Header Builder Plugin up to 1.3.8 on WordPress and classified as problematic. This vulnerability affects the function stm_header_builder. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12206. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Posturinn Shipping with WooCommerce Plugin up to 1.3.1 on WordPress. This affects the function printed_marked/nonprinted_marked. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11815. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Database Backup Plugin up to 7.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to exposure of backup file to an unauthorized control sphere. This vulnerability is handled as CVE-2024-12330. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mounted by a single threat actor, but the use of known malware on at least one of the compromised VPN appliances points to China-nexus espionage actor(s) – UNC5337 and UNC5221 – that have exploited ICS zero-days several times in the past few … More →

The post Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) appeared first on Help Net Security.

The malicious Southeast Asian APT group known as OceanLotus (APT32) has been implicated in a sophisticated attack that compromises the privacy of cybersecurity professionals. A recent investigation by the ThreatBook Research and Response Team revealed that a popular privilege escalation tool utilized by cybersecurity experts had been backdoored, leading to significant data breaches and identity […]

The post APT32 Hacker Group Attacking Cybersecurity Professionals Poisoning GitHub appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more.

Ruben Brekelmans heeft voor het eerst als minister Curaçao, Aruba en Sint Maarten bezocht. De afgelopen 3 dagen maakte hij kennis met de daar gestationeerde militaire eenheden en het lokale bestuur. Defensie is verantwoordelijk voor de bescherming van het Caribisch deel van het koninkrijk.

Изменит ли расследование работу платформы Илона Маска?

Facebook Unveils Community Notes Program But Has Done Little to Curb Fraud
Meta has decided to end its fact-checking program. Meta CEO Mark Zuckerberg announced significant changes to the company's moderation policies and practices on Tuesday, attributing the shift to a renewed commitment to free speech. Some fear the move will embolden financial scammers.

Transfer of German Man's IP Address Wins Him 400 Euros
European privacy regulation - bane of American technology companies and a favorite cudgel of activists - came to haunt no less an organization than the European Commission, which must pay 400 euros to aggrieved German national Thomas Bindl, peeved that Facebook obtained his IP address.

US Senate Unlikely to Ratify Contentious Cybercrime Treaty Amid Mounting Concerns
Experts tell Information Security Media Group that a controversial United Nations cybercrime convention is unlikely to be ratified in the U.S. Senate due to mounting concerns from technology, human rights and privacy advocates over its potential impact on internet security and privacy protections.

Suspected Chinese Attackers Again Tied to Active Exploitation of VPN Appliances
VPN appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Experts are warning users to immediately update their devices, after factory resetting them to flush any malware attackers may have installed.

Quantum computers need a "clean" workspace, and a team including scientists at NIST has found a way to make one.

A vulnerability was found in x-net-html up to 0.32.x on Go. It has been classified as problematic. Affected is an unknown function of the component Parse Handler. The manipulation leads to asymmetric resource consumption. This vulnerability is traded as CVE-2024-45338. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

As SaaS providers race to integrate AI into their product offerings to stay competitive and relevan

As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.  Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a