Aggregator

ChanCMS <=3.3.2的审计过程

A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. CVE-2026-28289 exploitation FreeScout is a free, open-source help desk and shared inbox system used by businesses or teams to manage customer support conversations in one place. It is built with PHP (Laravel) and MySQL, and it’s designed to be self-hosted – either on-premises, on a … More →

The post FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) appeared first on Help Net Security.

Google is making changes to the Play Store after settling its legal fight with Epic Games, focusing on three areas: more billing options, lower fees with new programs for developers, and a program for registered app stores. The rollout begins in the European Economic Area, the United Kingdom and the United States by June 30, 2026. Australia follows in September, while Japan and South Korea receive the changes by the end of 2026. The rest … More →

The post Google changes Play Store policies after settling Epic Games dispute appeared first on Help Net Security.

关键词漏洞思科修复了两个高危 Secure FMC 漏洞，攻击者可利用其获取受管理防火墙的 root 权限。

关键词服务中断现代汽车配备了大量安全功能，但这些实用工具可能泄露的远不止胎压数据。

关键词服务中断对大多数人而言，Telegram只是个人与群组聊天的便捷工具。但在网络安全领域，这款应用已演变成更令人担忧的存在。

关键词服务中断据央视新闻报道，国家安全机关已侦破多起境外黑客组织利用发票钓鱼邮件实施网络窃密的案件，提醒公众警

Если ваш ноутбук подозрительно шумит, возможно, он просто пересказывает пароли соседям.

System Meant to Dispel FUD Faces Uphill Climb to Widespread Adoption
Hurricanes, tornados, earthquakes - and now operational technology cyber incidents - all can receive a numerical score based on their severity, although a new effort promoting an "OT Incident Impact Score" faces an uphill climb to get the traction it needs to succeed.

Millisecond Detection and Layered Controls Will Shape Future Payment Security
Stablecoins can remove chargebacks and make transactions irreversible in fraud cases. This trend is forcing banks to analyze risks before a payment executes. AI models must work within milliseconds while maintaining accuracy and minimizing friction for legitimate users.

State CIOs Are Exploring How AI Agents Can Boost Productivity, Efficiency
Reputation aside, most pen pushers in state governments don't actually like pushing paper. They also don't care to force citizens to fill out forms in triplicate. Two decades of promises to minimize those chores may be on the cusp of gloriously coming true with the advent of agentic AI.

Series A Funding Aims to Give Security Teams Visibility Into Complex SecOps Stacks
Fig Security has raised $30 million in Series A funding to help organizations modernize their SOC infrastructure. The startup said CISOs lack visibility into complex SecOps pipelines spanning SIEMs, data lakes and automation tools, which can lead to silent failures that undermine threat detection.

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage.  Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, or

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

The Taipei District Prosecutors Office initiated its investigation in October after Chen Zhi, the founder of the Prince Group, was indicted by U.S. prosecutors on money laundering charges.

Cisco has issued an urgent security advisory for a critical vulnerability affecting its Secure Firewall Management Center (FMC) software. This flaw, rated with the maximum possible CVSS score of 10.0, allows remote, unauthenticated attackers to execute arbitrary code and gain complete root-level control over the affected system. The vulnerability exists in the web-based management interface […]

The post Cisco Secure Firewall Management Vulnerability Enables Remote Code Execution appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in ThemeREX Muzicon Plugin up to 1.9.0 on WordPress. Impacted is an unknown function. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is cataloged as CVE-2026-28107. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in LambertGroup AllInOne Plugin up to 3.8 on WordPress. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-28110. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in LambertGroup AllInOne Plugin up to 3.8 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-28108. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in LambertGroup AllInOne Plugin up to 3.8 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-28109. The attack may be initiated remotely. There is no available exploit.